1 files changed, 22 insertions, 18 deletions

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 2cc2206337..dc58cc27ad 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1115,30 +1115,34 @@ NTSTATUS check_password_complexity(const char *username,
 				   enum samPwdChangeReason *samr_reject_reason)
 {
 	TALLOC_CTX *tosctx = talloc_tos();
+	int check_ret;
+	char *cmd;
 
 	/* Use external script to check password complexity */
-	if (lp_check_password_script() && *(lp_check_password_script())) {
-		int check_ret;
-		char *cmd;
+	if ((lp_check_password_script() == NULL)
+	    || (*(lp_check_password_script()) == '\0')) {
+		return NT_STATUS_OK;
+	}
 
-		cmd = talloc_string_sub(tosctx, lp_check_password_script(), "%u", username);
-		if (!cmd) {
-			return NT_STATUS_PASSWORD_RESTRICTION;
-		}
+	cmd = talloc_string_sub(tosctx, lp_check_password_script(), "%u",
+				username);
+	if (!cmd) {
+		return NT_STATUS_PASSWORD_RESTRICTION;
+	}
 
-		check_ret = smbrunsecret(cmd, password);
-		DEBUG(5,("check_password_complexity: check password script (%s) returned [%d]\n",
-			cmd, check_ret));
-		TALLOC_FREE(cmd);
+	check_ret = smbrunsecret(cmd, password);
+	DEBUG(5,("check_password_complexity: check password script (%s) "
+		 "returned [%d]\n", cmd, check_ret));
+	TALLOC_FREE(cmd);
 
-		if (check_ret != 0) {
-			DEBUG(1,("check_password_complexity: "
-				"check password script said new password is not good enough!\n"));
-			if (samr_reject_reason) {
-				*samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
-			}
-			return NT_STATUS_PASSWORD_RESTRICTION;
+	if (check_ret != 0) {
+		DEBUG(1,("check_password_complexity: "
+			 "check password script said new password is not good "
+			 "enough!\n"));
+		if (samr_reject_reason) {
+			*samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
 		}
+		return NT_STATUS_PASSWORD_RESTRICTION;
 	}
 
 	return NT_STATUS_OK;