mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00

s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This is to keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher
2019-02-02 13:19:31 +01:00
committed by Andrew Bartlett
parent c4131b610c
commit cef1d2ab8c
3 changed files with 25 additions and 1 deletions


@ -941,6 +941,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
************************************************************/
NTSTATUS check_password_complexity(const char *username,
const char *fullname,
const char *password,
enum samPwdChangeReason *samr_reject_reason)
{
@ -960,7 +961,23 @@ NTSTATUS check_password_complexity(const char *username,
return NT_STATUS_PASSWORD_RESTRICTION;
}
check_ret = setenv("SAMBA_CPS_ACCOUNT_NAME", username, 1);
if (check_ret != 0) {
return map_nt_error_from_unix_common(errno);
}
unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
if (fullname != NULL) {
check_ret = setenv("SAMBA_CPS_FULL_NAME", fullname, 1);
} else {
unsetenv("SAMBA_CPS_FULL_NAME");
}
if (check_ret != 0) {
return map_nt_error_from_unix_common(errno);
}
check_ret = smbrunsecret(cmd, password);
unsetenv("SAMBA_CPS_ACCOUNT_NAME");
unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
unsetenv("SAMBA_CPS_FULL_NAME");
DEBUG(5,("check_password_complexity: check password script (%s) "
"returned [%d]\n", cmd, check_ret));
TALLOC_FREE(cmd);
@ -995,6 +1012,7 @@ static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
TALLOC_CTX *tosctx = talloc_tos();
struct passwd *pass = NULL;
const char *username = pdb_get_username(hnd);
const char *fullname = pdb_get_fullname(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
NTSTATUS status;
@ -1062,7 +1080,10 @@ static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
return NT_STATUS_ACCESS_DENIED;
}
status = check_password_complexity(username, new_passwd, samr_reject_reason);
status = check_password_complexity(username,
fullname,
new_passwd,
samr_reject_reason);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(pass);
return status;
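Review bot: Both new early returns in check_password_complexity (`return map_nt_error_from_unix_common(errno);` after each setenv) skip the `TALLOC_FREE(cmd)` that the normal path reaches, and the second one also leaves `SAMBA_CPS_ACCOUNT_NAME` set in the process environment, where a later child process could inherit a stale account name. Saving errno, unsetting the variable and freeing cmd before returning closes both gaps, as sketched below. Where cmd is allocated is outside the hunk, so whether a parent talloc context would reclaim it anyway is not visible here. The function body also starts and ends outside the shown lines.

```c
	check_ret = setenv("SAMBA_CPS_ACCOUNT_NAME", username, 1);
	if (check_ret != 0) {
		int saved_errno = errno;
		TALLOC_FREE(cmd);
		return map_nt_error_from_unix_common(saved_errno);
	}
	/* … unchanged: unsetenv of USER_PRINCIPAL_NAME, setenv/unsetenv of FULL_NAME … */
	if (check_ret != 0) {
		int saved_errno = errno;
		unsetenv("SAMBA_CPS_ACCOUNT_NAME");
		TALLOC_FREE(cmd);
		return map_nt_error_from_unix_common(saved_errno);
	}
```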


@ -6725,6 +6725,7 @@ static enum samr_ValidationStatus samr_ValidatePassword_Change(TALLOC_CTX *mem_c
}
if (dom_pw_info->password_properties & DOMAIN_PASSWORD_COMPLEX) {
status = check_password_complexity(req->account.string,
NULL, /* full_name */
req->password.string,
NULL);
if (!NT_STATUS_IS_OK(status)) {
@ -6755,6 +6756,7 @@ static enum samr_ValidationStatus samr_ValidatePassword_Reset(TALLOC_CTX *mem_ct
}
if (dom_pw_info->password_properties & DOMAIN_PASSWORD_COMPLEX) {
status = check_password_complexity(req->account.string,
NULL, /* full_name */
req->password.string,
NULL);
if (!NT_STATUS_IS_OK(status)) {
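Review bot: The account name passed at both call sites (samr_ValidatePassword_Change and samr_ValidatePassword_Reset) is `req->account.string`, which appears to come from the client request, and nothing at the call sites records that it is now exported to the check password script as SAMBA_CPS_ACCOUNT_NAME. A comment above each call, such as `/* account name is client-supplied; the check password script receives it in SAMBA_CPS_ACCOUNT_NAME and must treat it as untrusted data */`, would make that visible to reviewers and script authors. It is also not visible here whether `req->account.string` can be NULL; if it can, a guard is needed before the call so that setenv() is never reached with a NULL value. Both enclosing functions start and end outside the hunks.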


@ -75,5 +75,6 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
const uchar old_nt_hash_encrypted[16],
enum samPwdChangeReason *reject_reason);
NTSTATUS check_password_complexity(const char *username,
const char *fullname,
const char *password,
enum samPwdChangeReason *samr_reject_reason);
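Review bot: The prototype gains `fullname` without saying that NULL is an accepted value, although the samr callers in this commit pass NULL and the implementation branches on `fullname != NULL`. A short comment above the declaration, e.g. `/* fullname may be NULL; SAMBA_CPS_FULL_NAME is then unset for the check password script */`, would document the contract for other callers.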