summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_samr.h1
-rw-r--r--source3/rpc_server/srv_samr_nt.c3
-rw-r--r--source3/smbd/chgpasswd.c10
3 files changed, 13 insertions, 1 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 3af7d5c720..62eb397925 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -1848,6 +1848,7 @@ typedef struct q_samr_chgpasswd_user3
} SAMR_Q_CHGPASSWD_USER3;
+#define REJECT_REASON_OTHER 0x00000000
#define REJECT_REASON_TOO_SHORT 0x00000001
#define REJECT_REASON_IN_HISTORY 0x00000002
#define REJECT_REASON_NOT_COMPLEX 0x00000005
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 75a72fa028..b3be0cccc1 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1505,7 +1505,8 @@ NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAM
r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason);
- if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) ||
+ NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) {
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 501aba3336..e04e902b3a 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1016,6 +1016,10 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
time_t last_change_time = pdb_get_pass_last_set_time(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
+ if (samr_reject_reason) {
+ *samr_reject_reason = Undefined;
+ }
+
if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)) {
/*
* Windows calculates the minimum password age check
@@ -1026,6 +1030,9 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
DEBUG(1, ("user %s cannot change password now, must "
"wait until %s\n", username,
http_timestring(last_change_time+min_age)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
} else {
@@ -1033,6 +1040,9 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
DEBUG(1, ("user %s cannot change password now, must "
"wait until %s\n", username,
http_timestring(can_change_time)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
}