From 4b68cfe15dcb62930ddda8c43d5d52deaa4d6501 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Mon, 7 Sep 2009 03:38:33 -0500 Subject: s4:pwsettings: Added validation. Validate that each field is within its allowed range. Also validate that the maximum password age is greater than the minimum password length (if the maximum password age is set). I could not find these values documented anywhere in the WSPP docs. I used the values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs the validation of values. --- source4/setup/pwsettings | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'source4') diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings index bc65d2c0fa..7206d7116b 100755 --- a/source4/setup/pwsettings +++ b/source4/setup/pwsettings @@ -125,6 +125,10 @@ elif args[0] == "set": else: pwd_hist_len = int(opts.history_length) + if pwd_hist_len < 0 or pwd_hist_len > 24: + print "ERROR: Password history length must be in the range of 0 to 24!" + sys.exit(1) + m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len), ldb.FLAG_MOD_REPLACE, "pwdHistoryLength") msgs.append("Password history length changed!") @@ -135,6 +139,10 @@ elif args[0] == "set": else: min_pwd_len = int(opts.min_pwd_length) + if min_pwd_len < 0 or min_pwd_len > 14: + print "ERROR: Minimum password length must be in the range of 0 to 14!" + sys.exit(1) + m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len), ldb.FLAG_MOD_REPLACE, "minPwdLength") msgs.append("Minimum password length changed!") 
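Review bot: A non-numeric value still escapes the new validation, because `int(opts.history_length)` on the context line just above the added range check raises ValueError before the check runs, so the user gets a traceback instead of the `ERROR:` message (this assumes the option arrives as a string, which the int() call suggests). The same applies to the int() conversions ahead of the checks in the minimum-length, minimum-age and maximum-age hunks. Catching ValueError around the conversion and exiting the same way keeps every malformed input on one error path. The enclosing `elif args[0] == "set":` branch starts outside the hunk.

```python
    else:
        try:
            pwd_hist_len = int(opts.history_length)
        except ValueError:
            print "ERROR: Password history length must be an integer!"
            sys.exit(1)
    # … unchanged: range check 0..24 and the pwdHistoryLength MessageElement …
```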
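Review bot: The ceiling in `min_pwd_len > 14` is a bare literal whose origin is recorded only in the commit message (taken from the W2K8 GPMC, not found in the WSPP docs), and it makes the tool refuse any minimum length stricter than that UI offers. A comment above the check would tell the next maintainer that the bound is UI-derived rather than a documented protocol limit, e.g. `# Limits taken from the W2K8 GPMC UI; not documented in WSPP.` The 24, 998 and 999 bounds in the other hunks deserve the same comment.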
@@ -144,10 +152,15 @@ elif args[0] == "set": min_pwd_age = 0 else: min_pwd_age = int(opts.min_pwd_age) + + if min_pwd_age < 0 or min_pwd_age > 998: + print "ERROR: Minimum password age must be in the range of 0 to 998!" + sys.exit(1) + # days -> ticks - min_pwd_age = -int(min_pwd_age * (24 * 60 * 60 * 1e7)) + min_pwd_age_ticks = -int(min_pwd_age * (24 * 60 * 60 * 1e7)) - m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age), + m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age_ticks), ldb.FLAG_MOD_REPLACE, "minPwdAge") msgs.append("Minimum password age changed!") @@ -156,13 +169,22 @@ elif args[0] == "set": max_pwd_age = 43 else: max_pwd_age = int(opts.max_pwd_age) + + if max_pwd_age < 0 or max_pwd_age > 999: + print "ERROR: Maximum password age must be in the range of 0 to 999!" + sys.exit(1) + # days -> ticks - max_pwd_age = -int(max_pwd_age * (24 * 60 * 60 * 1e7)) + max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7)) - m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age), + m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age_ticks), ldb.FLAG_MOD_REPLACE, "maxPwdAge") msgs.append("Maximum password age changed!") + if max_pwd_age > 0 and min_pwd_age >= max_pwd_age: + print "ERROR: Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age) + sys.exit(1) + samdb.modify(m) msgs.append("All changes applied successfully!") -- cgit
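Review bot: The cross-field check `min_pwd_age >= max_pwd_age` at the end of this hunk needs both names bound and both expressed in days, yet within the visible hunks each is assigned only in its own option branch. If the script does not load both from the current domain settings earlier (not visible here, and indentation is lost on this page, so the check's nesting cannot be confirmed), a run that sets only one age would hit a NameError or compare days against another unit. I would state the requirement next to the check, `# min_pwd_age and max_pwd_age must both be in days at this point`, since the `_ticks` renames in this hunk and the previous one exist only to keep that true. The enclosing `elif args[0] == "set":` branch begins outside the hunk.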