1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

check_password_script: Add a DEBUG message for timeouts

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Bob Campbell 2016-06-28 10:33:24 +12:00 committed by Garming Sam
parent ef0cbc5560
commit 21295155cc

View File

@ -1981,6 +1981,15 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
return ret;
}
static void pwd_timeout_debug(struct tevent_context *unused1,
struct tevent_timer *unused2,
struct timeval unused3,
void *unused4)
{
DEBUG(0, ("WARNING: check_password_complexity: password script "
"took more than 1 second to run\n"));
}
/*
* Performs checks on a user password (plaintext UNIX format - attribute
@ -2032,12 +2041,18 @@ enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
}
req = samba_runcmd_send(mem_ctx, event_ctx,
tevent_timeval_current_ofs(0, 10000000),
/* Gives a warning after 1 second, terminates after 10 */
tevent_add_timer(event_ctx, event_ctx,
tevent_timeval_current_ofs(1, 0),
pwd_timeout_debug, NULL);
req = samba_runcmd_send(event_ctx, event_ctx,
tevent_timeval_current_ofs(10, 0),
100, 100, cmd, NULL);
run_cmd = tevent_req_data(req, struct samba_runcmd_state);
if (write(run_cmd->fd_stdin, utf8_pw, utf8_len) != utf8_len) {
TALLOC_FREE(password_script);
TALLOC_FREE(event_ctx);
return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
}
@ -2046,23 +2061,31 @@ enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
if (!tevent_req_poll(req, event_ctx)) {
TALLOC_FREE(password_script);
TALLOC_FREE(event_ctx);
return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
}
check_ret = samba_runcmd_recv(req, &error);
TALLOC_FREE(req);
TALLOC_FREE(event_ctx);
if (error == ETIMEDOUT) {
DEBUG(0, ("check_password_complexity: check password script took too long!\n"));
TALLOC_FREE(password_script);
return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
} else {
DEBUG(5,("check_password_complexity: check password script (%s) "
"returned [%d]\n", password_script, check_ret));
TALLOC_FREE(password_script);
if (check_ret != 0) {
DEBUG(1,("check_password_complexity: "
"check password script said new password is not good "
"enough!\n"));
TALLOC_FREE(password_script);
return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
}
}
TALLOC_FREE(password_script);
return SAMR_VALIDATION_STATUS_SUCCESS;
}