diff options
| author | Andrew Tridgell <tridge@samba.org> | 2009-05-25 15:23:54 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2009-05-25 15:23:54 +1000 |
| commit | b335618d1743599588902cfd2be4ae37150b239d (patch) | |
| tree | e2981301d61704362023589a47eadc6288f7419f /source4 | |
| parent | 4dcc058ea1d98e40f59f2726c4dd37a98401b258 (diff) | |
| download | samba-b335618d1743599588902cfd2be4ae37150b239d.tar.gz samba-b335618d1743599588902cfd2be4ae37150b239d.tar.bz2 samba-b335618d1743599588902cfd2be4ae37150b239d.zip | |
fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/auth/ntlm/auth_sam.c | 14 | ||||
| -rw-r--r-- | source4/dsdb/common/util.c | 7 |
2 files changed, 6 insertions, 15 deletions
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 2b9b92812c..e99d0e1f51 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -152,20 +152,6 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context, { NTSTATUS status; - if (acct_flags & ACB_PWNOTREQ) { - if (lp_null_passwords(auth_context->lp_ctx)) { - DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", - user_info->mapped.account_name)); - *lm_sess_key = data_blob(NULL, 0); - *user_sess_key = data_blob(NULL, 0); - return NT_STATUS_OK; - } else { - DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", - user_info->mapped.account_name)); - return NT_STATUS_LOGON_FAILURE; - } - } - switch (user_info->password_state) { case AUTH_PASSWORD_PLAIN: { diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 19eb3433a9..b9aceab836 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, minPwdLength = samdb_result_uint(res[0], "minPwdLength", 0); minPwdAge = samdb_result_int64(res[0], "minPwdAge", 0); + if (userAccountControl & UF_PASSWD_NOTREQD) { + /* see [MS-ADTS] 2.2.15 */ + minPwdLength = 0; + } + if (_dominfo) { struct samr_DomInfo1 *dominfo; /* on failure we need to fill in the reject reasons */ @@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, /* possibly check password complexity */ - if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX && + if (restrictions && (pwdProperties & DOMAIN_PASSWORD_COMPLEX) && !samdb_password_complexity_ok(new_pass)) { if (reject_reason) { *reject_reason = SAMR_REJECT_COMPLEXITY; |