diff options
author | Andrew Kroeger <andrew@id10ts.net> | 2009-09-07 03:38:33 -0500 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-10 01:09:54 +0200 |
commit | 4b68cfe15dcb62930ddda8c43d5d52deaa4d6501 (patch) | |
tree | e6bdcf6da54532d31c15378bbeda7157644a475f /source4 | |
parent | 0206b1d6f979dab29c70ada10153578ce45b774a (diff) | |
download | samba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.tar.gz samba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.tar.bz2 samba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.zip |
s4:pwsettings: Added validation.
Validate that each field is within its allowed range. Also validate that the
maximum password age is greater than the minimum password length (if the maximum
password age is set).
I could not find these values documented anywhere in the WSPP docs. I used the
values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs
the validation of values.
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/setup/pwsettings | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings index bc65d2c0fa..7206d7116b 100755 --- a/source4/setup/pwsettings +++ b/source4/setup/pwsettings @@ -125,6 +125,10 @@ elif args[0] == "set": else: pwd_hist_len = int(opts.history_length) + if pwd_hist_len < 0 or pwd_hist_len > 24: + print "ERROR: Password history length must be in the range of 0 to 24!" + sys.exit(1) + m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len), ldb.FLAG_MOD_REPLACE, "pwdHistoryLength") msgs.append("Password history length changed!") @@ -135,6 +139,10 @@ elif args[0] == "set": else: min_pwd_len = int(opts.min_pwd_length) + if min_pwd_len < 0 or min_pwd_len > 14: + print "ERROR: Minimum password length must be in the range of 0 to 14!" + sys.exit(1) + m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len), ldb.FLAG_MOD_REPLACE, "minPwdLength") msgs.append("Minimum password length changed!") @@ -144,10 +152,15 @@ elif args[0] == "set": min_pwd_age = 0 else: min_pwd_age = int(opts.min_pwd_age) + + if min_pwd_age < 0 or min_pwd_age > 998: + print "ERROR: Minimum password age must be in the range of 0 to 998!" + sys.exit(1) + # days -> ticks - min_pwd_age = -int(min_pwd_age * (24 * 60 * 60 * 1e7)) + min_pwd_age_ticks = -int(min_pwd_age * (24 * 60 * 60 * 1e7)) - m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age), + m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age_ticks), ldb.FLAG_MOD_REPLACE, "minPwdAge") msgs.append("Minimum password age changed!") @@ -156,13 +169,22 @@ elif args[0] == "set": max_pwd_age = 43 else: max_pwd_age = int(opts.max_pwd_age) + + if max_pwd_age < 0 or max_pwd_age > 999: + print "ERROR: Maximum password age must be in the range of 0 to 999!" + sys.exit(1) + # days -> ticks - max_pwd_age = -int(max_pwd_age * (24 * 60 * 60 * 1e7)) + max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7)) - m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age), + m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age_ticks), ldb.FLAG_MOD_REPLACE, "maxPwdAge") msgs.append("Maximum password age changed!") + if max_pwd_age > 0 and min_pwd_age >= max_pwd_age: + print "ERROR: Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age) + sys.exit(1) + samdb.modify(m) msgs.append("All changes applied successfully!") |