IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This performs checks on direct password changes over LDB/LDAP. Indirect
password changes over the RPCs are already tested by some torture suite (SAMR
passwords). So no need to do this again here.
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
- Implement the password restrictions as specified in "samdb_set_password"
(complexity, minimum password length, minimum password age...).
- We support only (administrative) password reset operations at the moment
- Support password (administrative) reset and change operations (consider
MS-ADTS 3.1.1.3.1.5)
- Enhance comments
- Get some more attributes from the domain and user object (needed later)
- Check for right objectclass on change/set operations (instances of
"user" and/or "inetOrgPerson") - otherwise forward the request
- (Cosmetic) cleanup in asynchronous results regarding return values
- Add a new control for getting status informations (domain informations,
password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an addtional control "change_old password checked" for the password
- Added support for replicating hosts versus hosts in different domains
- Added switches for the following modes:
= two - ignores additional attributes that cannot be the same
in two different provisions (domains)
= quiet - display nothing, only return code
= verbose - display all dn objects through compare fase
= default - display only objects with differences
- Added more placeholders for nETBIOSDomainName and ServerName
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
This is needed since we have not only reset operations on password fields
(attributes marked with REPLACE flag) but also change operations which can be
performed by users itself. They have one attribute with the old value marked
with the REMOVE flag and one with the new one marked with the ADD flag.
This function helps to retrieve them (argument "new" is used for the new
password on both reset and change).