From c47347ebe9903239a29a6c27b5367fa03b5611d0 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 19 Jan 2007 14:54:05 +0000 Subject: r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pw chnage fails due to policy settings where as 2003 (the chgpasswd3() request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down to the same return code so we correctly retreive the password policy in both cases. (This used to be commit 262bb80e9cf7fb6dbf93144ae0b939c84ec0ea04) --- source3/nsswitch/winbindd_pam.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 9274c30ba7..b383ec663a 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -1865,9 +1865,9 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact result = rpccli_samr_chgpasswd3(cli, state->mem_ctx, user, newpass, oldpass, &info, &reject); - /* FIXME: need to check for other error codes ? */ - if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) { + /* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */ + if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) { state->response.data.auth.policy.min_length_password = info.min_length_password; state->response.data.auth.policy.password_history = @@ -1883,9 +1883,10 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact reject.reject_reason; got_info = True; + } /* only fallback when the chgpasswd3 call is not supported */ - } else if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || + if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { @@ -1893,6 +1894,13 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact nt_errstr(result))); result = rpccli_samr_chgpasswd_user(cli, state->mem_ctx, user, newpass, oldpass); + + /* Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION. + Map to the same status code as Windows 2003. */ + + if ( NT_STATUS_EQUAL(NT_STATUS_ACCOUNT_RESTRICTION, result ) ) { + result = NT_STATUS_PASSWORD_RESTRICTION; + } } done: -- cgit