summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-05-25 15:23:54 +1000
committerAndrew Tridgell <tridge@samba.org>2009-05-25 15:23:54 +1000
commitb335618d1743599588902cfd2be4ae37150b239d (patch)
treee2981301d61704362023589a47eadc6288f7419f /source4
parent4dcc058ea1d98e40f59f2726c4dd37a98401b258 (diff)
downloadsamba-b335618d1743599588902cfd2be4ae37150b239d.tar.gz
samba-b335618d1743599588902cfd2be4ae37150b239d.tar.bz2
samba-b335618d1743599588902cfd2be4ae37150b239d.zip
fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/ntlm/auth_sam.c14
-rw-r--r--source4/dsdb/common/util.c7
2 files changed, 6 insertions, 15 deletions
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 2b9b92812c..e99d0e1f51 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -152,20 +152,6 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
{
NTSTATUS status;
- if (acct_flags & ACB_PWNOTREQ) {
- if (lp_null_passwords(auth_context->lp_ctx)) {
- DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
- user_info->mapped.account_name));
- *lm_sess_key = data_blob(NULL, 0);
- *user_sess_key = data_blob(NULL, 0);
- return NT_STATUS_OK;
- } else {
- DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n",
- user_info->mapped.account_name));
- return NT_STATUS_LOGON_FAILURE;
- }
- }
-
switch (user_info->password_state) {
case AUTH_PASSWORD_PLAIN:
{
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 19eb3433a9..b9aceab836 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
minPwdLength = samdb_result_uint(res[0], "minPwdLength", 0);
minPwdAge = samdb_result_int64(res[0], "minPwdAge", 0);
+ if (userAccountControl & UF_PASSWD_NOTREQD) {
+ /* see [MS-ADTS] 2.2.15 */
+ minPwdLength = 0;
+ }
+
if (_dominfo) {
struct samr_DomInfo1 *dominfo;
/* on failure we need to fill in the reject reasons */
@@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* possibly check password complexity */
- if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
+ if (restrictions && (pwdProperties & DOMAIN_PASSWORD_COMPLEX) &&
!samdb_password_complexity_ok(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;