diff options
Diffstat (limited to 'source3/smbd/chgpasswd.c')
| -rw-r--r-- | source3/smbd/chgpasswd.c | 81 |
1 files changed, 23 insertions, 58 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 692e82680d..e6117245e7 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -49,16 +49,6 @@ #include "includes.h" -#ifdef HAVE_WORKING_CRACKLIB -#include <crack.h> - -#ifndef HAVE_CRACKLIB_DICTPATH -#ifndef CRACKLIB_DICTPATH -#define CRACKLIB_DICTPATH SAMBA_CRACKLIB_DICTPATH -#endif -#endif -#endif - extern struct passdb_ops pdb_ops; static NTSTATUS check_oem_password(const char *user, @@ -451,14 +441,25 @@ while we were waiting\n", WTERMSIG(wstat))); return (chstat); } -BOOL chgpasswd(const char *name, const struct passwd *pass, - const char *oldpass, const char *newpass, BOOL as_root) +BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root) { pstring passwordprogram; pstring chatsequence; size_t i; size_t len; + struct passwd *pass; + + if (!name) { + DEBUG(1, ("chgpasswd: NULL username specfied !\n")); + } + + pass = Get_Pwnam(name); + if (!pass) { + DEBUG(1, ("chgpasswd: Username does not exist in system !\n")); + return False; + } + if (!oldpass) { oldpass = ""; } @@ -470,6 +471,13 @@ BOOL chgpasswd(const char *name, const struct passwd *pass, #endif /* Take the passed information and test it for minimum criteria */ + /* Minimum password length */ + if (strlen(newpass) < lp_min_passwd_length()) { + /* too short, must be at least MINPASSWDLENGTH */ + DEBUG(0, ("chgpasswd: Password Change: user %s, New password is shorter than minimum password length = %d\n", + name, lp_min_passwd_length())); + return (False); /* inform the user */ + } /* Password is same as old password */ if (strcmp(oldpass, newpass) == 0) { @@ -562,8 +570,7 @@ the string %%u, and the given string %s does not.\n", passwordprogram )); #else /* ALLOW_CHANGE_PASSWORD */ -BOOL chgpasswd(const char *name, const struct passwd *pass, - const char *oldpass, const char *newpass, BOOL as_root) +BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root) { DEBUG(0, ("chgpasswd: Password changing not compiled in (user=%s)\n", name)); return (False); @@ -902,8 +909,6 @@ static NTSTATUS check_oem_password(const char *user, NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root) { - struct passwd *pass; - BOOL ret; uint32 min_len; @@ -931,47 +936,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw /* return NT_STATUS_PWD_TOO_SHORT; */ } - pass = Get_Pwnam(pdb_get_username(hnd)); - if (!pass) { - DEBUG(1, ("check_oem_password: Username does not exist in system !?!\n")); - } - -#ifdef HAVE_WORKING_CRACKLIB - if (pass) { - /* if we can, become the user to overcome internal cracklib sillyness */ - if (!push_sec_ctx()) - return NT_STATUS_UNSUCCESSFUL; - - set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL); - set_re_uid(); - } - - if (lp_use_cracklib()) { - const char *crack_check_reason; - DEBUG(4, ("change_oem_password: Checking password for user [%s]" - " against cracklib. \n", pdb_get_username(hnd))); - DEBUGADD(4, ("If this is your last message, then something is " - "wrong with cracklib, it might be missing it's " - "dictionaries at %s\n", - CRACKLIB_DICTPATH)); - dbgflush(); - - crack_check_reason = FascistCheck(new_passwd, (char *)CRACKLIB_DICTPATH); - if (crack_check_reason) { - DEBUG(1, ("Password Change: user [%s], " - "New password failed cracklib test - %s\n", - pdb_get_username(hnd), crack_check_reason)); - - /* get back to where we should be */ - if (pass) - pop_sec_ctx(); - return NT_STATUS_PASSWORD_RESTRICTION; - } - } - - if (pass) - pop_sec_ctx(); -#endif + /* TODO: Add cracklib support here */ /* * If unix password sync was requested, attempt to change @@ -986,7 +951,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw */ if(lp_unix_password_sync() && - !chgpasswd(pdb_get_username(hnd), pass, old_passwd, new_passwd, as_root)) { + !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, as_root)) { return NT_STATUS_ACCESS_DENIED; } |