From c5ccf8edaf28c2ee208252e43e69a7be168d8eb2 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 4 Oct 2004 15:53:33 +0000
Subject: r2819: Make 'password history'-behaviour in ldapsam more consistent.

Currently we cannot store more then 15 password history entries (windows
NT4 allows to store 24) in ldapsam. When choosing more then "15" with
pdbedit -P "password history", we fail to initialize the password
history upon password change and overwrite the history, effectively
using a password history of "1". We do already decrease any
history-policy larger then 15 to 15 while storing the password history
list attribute in ldap.

Guenther
(This used to be commit a4b47e71475a06c2e2287613b00648c5f53ae52c)
---
 source3/passdb/pdb_ldap.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'source3')

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 751ec7e049..02425810b3 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -727,6 +727,9 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 		uint8 *pwhist = NULL;
 		int i;
 
+		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
+		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+
 		if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
 			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
 			return False;
-- 
cgit