diff options
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 62632d08c5..bcb4acbf15 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -5373,6 +5373,9 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p, NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, struct samr_GetDomPwInfo *r) { + uint32_t min_password_length = 0; + uint32_t password_properties = 0; + /* Perform access check. Since this rpc does not require a policy handle it will not be caught by the access checks on SAMR_CONNECT or SAMR_CONNECT_ANON. */ @@ -5382,8 +5385,19 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - /* Actually, returning zeros here works quite well :-). */ - ZERO_STRUCTP(r->out.info); + become_root(); + pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + &min_password_length); + pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + &password_properties); + unbecome_root(); + + if (lp_check_password_script() && *lp_check_password_script()) { + password_properties |= DOMAIN_PASSWORD_COMPLEX; + } + + r->out.info->min_password_length = min_password_length; + r->out.info->password_properties = password_properties; return NT_STATUS_OK; } |