mirror of
https://github.com/samba-team/samba.git
synced 2025-02-26 21:57:41 +03:00
remerge andrew's cracklib patch from HEAD and fix a compile warnings
(This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
This commit is contained in:
Gerald Carter
parent
4c49368dbc
commit
19cc1a9f20
@ -2962,6 +2962,64 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
dictpath="/usr/lib/cracklib_dict"
|
||||
|
||||
###############################################
|
||||
# test for where we get FaciestCheck from
|
||||
AC_MSG_CHECKING(where to use cracklib from (default=$dictpath))
|
||||
AC_ARG_WITH(cracklib,
|
||||
[ --with-cracklib[=DIR] Look for cracklib dictionary in this location ],
|
||||
[ case "$withval" in
|
||||
yes)
|
||||
AC_MSG_RESULT(${dictpath})
|
||||
;;
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
dictpath=""
|
||||
;;
|
||||
*)
|
||||
dictpath="$withval"
|
||||
AC_MSG_RESULT(${dictpath})
|
||||
;;
|
||||
esac ],
|
||||
dictpath=""
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
if test x$dictpath != x""; then
|
||||
AC_SEARCH_LIBS(FascistCheck, [crack],
|
||||
[test "$ac_cv_search_crack" = "none required" || samba_cv_found_crack="yes"
|
||||
AC_DEFINE(HAVE_CRACK,1,[Whether the system has the FaciestCheck function from cracklib])])
|
||||
|
||||
crack_saved_libs=$LIBS;
|
||||
|
||||
if test x$samba_cv_found_crack=x"yes"; then
|
||||
AC_SEARCH_LIBS(CRACKLIB_DICTPATH, [crypt],
|
||||
AC_DEFINE(HAVE_CRACKLIB_DICTPATH, 1, [Whether we have given a CRACKLIB_DICTPATH in our headers])
|
||||
)
|
||||
|
||||
AC_DEFINE_UNQUOTED(SAMBA_CRACKLIB_DICTPATH, "$dictpath", [Where the cracklib dictionay is])
|
||||
AC_MSG_CHECKING(Whether we have a working cracklib)
|
||||
AC_TRY_RUN([
|
||||
#include "${srcdir-.}/tests/crack.c"],
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_WORKING_CRACKLIB,1,[Whether we have a working cracklib])
|
||||
AUTH_LIBS="-lcrack $AUTH_LIBS",
|
||||
|
||||
AC_MSG_RESULT(no)
|
||||
AC_MSG_WARN(cracklib exists - but does not function correctly),
|
||||
|
||||
AC_MSG_RESULT(no)
|
||||
AC_MSG_WARN(cannot test-run when cross-compiling)
|
||||
)
|
||||
else
|
||||
AC_MSG_CHECKING(Whether we have cracklib)
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
LIBS=$crack_saved_libs
|
||||
fi
|
||||
|
||||
########################################################################################
|
||||
##
|
||||
## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER
|
||||
|
||||
@ -2834,11 +2834,17 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
|
||||
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
|
||||
} else {
|
||||
/* update the UNIX password */
|
||||
if (lp_unix_password_sync() )
|
||||
if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
|
||||
if (lp_unix_password_sync() ) {
|
||||
struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
|
||||
if (!passwd) {
|
||||
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
|
||||
}
|
||||
|
||||
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
|
||||
pdb_free_sam(&pwd);
|
||||
return False;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ZERO_STRUCT(plaintext_buf);
|
||||
@ -2899,7 +2905,12 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
|
||||
} else {
|
||||
/* update the UNIX password */
|
||||
if (lp_unix_password_sync()) {
|
||||
if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
|
||||
struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
|
||||
if (!passwd) {
|
||||
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
|
||||
}
|
||||
|
||||
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
|
||||
pdb_free_sam(&pwd);
|
||||
return False;
|
||||
}
|
||||
|
||||
@ -48,6 +48,16 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_WORKING_CRACKLIB
|
||||
#include <crack.h>
|
||||
|
||||
#ifndef HAVE_CRACKLIB_DICTPATH
|
||||
#ifndef CRACKLIB_DICTPATH
|
||||
#define CRACKLIB_DICTPATH SAMBA_CRACKLIB_DICTPATH
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
extern struct passdb_ops pdb_ops;
|
||||
|
||||
static NTSTATUS check_oem_password(const char *user,
|
||||
@ -442,25 +452,14 @@ while we were waiting\n", WTERMSIG(wstat)));
|
||||
return (chstat);
|
||||
}
|
||||
|
||||
BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
|
||||
BOOL chgpasswd(const char *name, const struct passwd *pass,
|
||||
const char *oldpass, const char *newpass, BOOL as_root)
|
||||
{
|
||||
pstring passwordprogram;
|
||||
pstring chatsequence;
|
||||
size_t i;
|
||||
size_t len;
|
||||
|
||||
struct passwd *pass;
|
||||
|
||||
if (!name) {
|
||||
DEBUG(1, ("chgpasswd: NULL username specfied !\n"));
|
||||
}
|
||||
|
||||
pass = Get_Pwnam(name);
|
||||
if (!pass) {
|
||||
DEBUG(1, ("chgpasswd: Username does not exist in system !\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!oldpass) {
|
||||
oldpass = "";
|
||||
}
|
||||
@ -472,13 +471,6 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL
|
||||
#endif
|
||||
|
||||
/* Take the passed information and test it for minimum criteria */
|
||||
/* Minimum password length */
|
||||
if (strlen(newpass) < lp_min_passwd_length()) {
|
||||
/* too short, must be at least MINPASSWDLENGTH */
|
||||
DEBUG(0, ("chgpasswd: Password Change: user %s, New password is shorter than minimum password length = %d\n",
|
||||
name, lp_min_passwd_length()));
|
||||
return (False); /* inform the user */
|
||||
}
|
||||
|
||||
/* Password is same as old password */
|
||||
if (strcmp(oldpass, newpass) == 0) {
|
||||
@ -571,7 +563,8 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
|
||||
|
||||
#else /* ALLOW_CHANGE_PASSWORD */
|
||||
|
||||
BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
|
||||
BOOL chgpasswd(const char *name, const struct passwd *pass,
|
||||
const char *oldpass, const char *newpass, BOOL as_root)
|
||||
{
|
||||
DEBUG(0, ("chgpasswd: Unix Password changing not compiled in (user=%s)\n", name));
|
||||
return (False);
|
||||
@ -958,6 +951,8 @@ static NTSTATUS check_oem_password(const char *user,
|
||||
|
||||
NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root)
|
||||
{
|
||||
struct passwd *pass;
|
||||
|
||||
BOOL ret;
|
||||
uint32 min_len;
|
||||
|
||||
@ -985,7 +980,47 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
|
||||
/* return NT_STATUS_PWD_TOO_SHORT; */
|
||||
}
|
||||
|
||||
/* TODO: Add cracklib support here */
|
||||
pass = Get_Pwnam(pdb_get_username(hnd));
|
||||
if (!pass) {
|
||||
DEBUG(1, ("check_oem_password: Username does not exist in system !?!\n"));
|
||||
}
|
||||
|
||||
#ifdef HAVE_WORKING_CRACKLIB
|
||||
if (pass) {
|
||||
/* if we can, become the user to overcome internal cracklib sillyness */
|
||||
if (!push_sec_ctx())
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
|
||||
set_re_uid();
|
||||
}
|
||||
|
||||
if (lp_use_cracklib()) {
|
||||
const char *crack_check_reason;
|
||||
DEBUG(4, ("change_oem_password: Checking password for user [%s]"
|
||||
" against cracklib. \n", pdb_get_username(hnd)));
|
||||
DEBUGADD(4, ("If this is your last message, then something is "
|
||||
"wrong with cracklib, it might be missing it's "
|
||||
"dictionaries at %s\n",
|
||||
CRACKLIB_DICTPATH));
|
||||
dbgflush();
|
||||
|
||||
crack_check_reason = FascistCheck(new_passwd, (char *)CRACKLIB_DICTPATH);
|
||||
if (crack_check_reason) {
|
||||
DEBUG(1, ("Password Change: user [%s], "
|
||||
"New password failed cracklib test - %s\n",
|
||||
pdb_get_username(hnd), crack_check_reason));
|
||||
|
||||
/* get back to where we should be */
|
||||
if (pass)
|
||||
pop_sec_ctx();
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
}
|
||||
|
||||
if (pass)
|
||||
pop_sec_ctx();
|
||||
#endif
|
||||
|
||||
/*
|
||||
* If unix password sync was requested, attempt to change
|
||||
@ -1000,7 +1035,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
|
||||
*/
|
||||
|
||||
if(lp_unix_password_sync() &&
|
||||
!chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, as_root)) {
|
||||
!chgpasswd(pdb_get_username(hnd), pass, old_passwd, new_passwd, as_root)) {
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
|
||||
@ -37,6 +37,13 @@ static const char *remote_machine = NULL;
|
||||
|
||||
static fstring ldap_secret;
|
||||
|
||||
/* FUNCTION DECLARATIONS */
|
||||
|
||||
BOOL remote_password_change(const char *rmachine, const char *username,
|
||||
const char *old_pw, const char *new_pw,
|
||||
char *err_str, size_t err_str_len);
|
||||
|
||||
|
||||
/*********************************************************
|
||||
Print command usage on stderr and die.
|
||||
**********************************************************/
|
||||
|
||||
@ -51,6 +51,13 @@ static int iNumNonAutoPrintServices = 0;
|
||||
#define ENABLE_USER_FLAG "enable_user_flag"
|
||||
#define RHOST "remote_host"
|
||||
|
||||
/* FUNCTION DECLARATIONS */
|
||||
|
||||
BOOL remote_password_change(const char *rmachine, const char *username,
|
||||
const char *old_pw, const char *new_pw,
|
||||
char *err_str, size_t err_str_len);
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
****************************************************************************/
|
||||
static int enum_index(int value, const struct enum_list *enumlist)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user