From 410a6c72eafbb7fb1ecc9bf89310842ea8027494 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Tue, 14 Sep 2004 00:21:11 +0000
Subject: r2331: check password script code and example from trunk (This used
 to be commit f836be323a233f3a28cbaa04c532e83ea98ead89)

---
 source3/smbd/chgpasswd.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'source3/smbd/chgpasswd.c')

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 8ea5b9c60a..7d3ffedec0 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1046,6 +1046,19 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	/* Use external script to check password complexity */
+	if (lp_check_password_script()) {
+		int check_ret;
+
+		check_ret = smbrunsecret(lp_check_password_script(), new_passwd);
+		DEBUG(5, ("change_oem_password: check password script (%s) returned [%d]\n", lp_check_password_script(), check_ret));
+
+		if (check_ret != 0) {
+			DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
+			return NT_STATUS_PASSWORD_RESTRICTION;
+		}
+	}
+
 	/*
 	 * If unix password sync was requested, attempt to change
 	 * the /etc/passwd database first. Return failure if this cannot
-- 
cgit