--with-cracklib for Samba
Pierre Belanger
pbelang1 at oss.cantel.rogers.com
Thu Jan 16 19:45:01 GMT 2003
Hi,
I need "expert" comments on the following, it's "kind of"
related to "cracklib". I could dig another 3 hours in the
code but I prefer to keep that 3 hours for cracklib ;-)
- rpc_server/srv_samr_nt.c line ~ 2836 & line ~ 2898 :

        /* update the UNIX password */
        if (lp_unix_password_sync() )
            if(!chgpasswd(pdb_get_username(pwd), "",
                          plaintext_buf, True)) {
                pdb_free_sam(&pwd);
                return False;
            }
    }

    ZERO_STRUCT(plaintext_buf);

    if(!pdb_update_sam_account(pwd)) {
        pdb_free_sam(&pwd);
        return False;
    }

[Q] can't we use change_oem_password()?
From smbd/chgpasswd.c line ~ 986. The only big
difference is the IS_SAM_UNIX_USER plus the
"become_root()" before calling pdb_update_sam_account().
[ My previous words are what I'd need to dig into... ]

    if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd)
       && !chgpasswd(pdb_get_username(hnd),
                     old_passwd, new_passwd, False)) {
        return NT_STATUS_ACCESS_DENIED;
    }

    if (!pdb_set_plaintext_passwd (hnd, new_passwd)) {
        return NT_STATUS_ACCESS_DENIED;
    }

    /* Now write it into the file. */
    become_root();
    ret = pdb_update_sam_account (hnd);
    unbecome_root();

If we can use change_oem_password() in
rpc_server/srv_samr_nt.c
then I guess we can also remove the following from
smbd/chgpasswd.c ~ line 492 in chgpasswd() since we
already check for this in change_oem_password() :

    /* Take the passed information and test it for minimum criteria */
    /* Minimum password length */
    if (strlen(newpass) < lp_min_passwd_length()) {
        /* too short, must be at least MINPASSWDLENGTH */
        DEBUG(0, ("Password Change: user %s, New password is shorter"
                  "than minimum password length = %d\n",
                  name, lp_min_passwd_length()));
        return (False); /* inform the user */
    }

If we can't use it, is it because we want to skip the
account_policy_get() in change_oem_password()? I'd also
like to move from smbd/chgpasswd.c line 501 in chgpasswd()

    /* Password is same as old password */
    if (strcmp(oldpass, newpass) == 0) {

to change_oem_password, so all "check / policy to change
passwords would call from the same place".

I hope I was clear enough, "excuse my French!!". No need
to answer me today on this.
Thank you very much,
Pierre B.
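
The consolidation asked about above, sketched as an added example that is not part of the original post and is not Samba code: one policy gate shared by a user-driven change and an administrative SAMR set, where the old password is unknown and passed as "". The names check_password_policy, user_change, samr_set, min_passwd_length and the result codes are hypothetical, and the minimum length of 5 is a constructed value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; Samba itself returns NTSTATUS or BOOL here. */
enum pw_policy_result { PW_OK = 0, PW_TOO_SHORT, PW_SAME_AS_OLD };

/* Stand-in for lp_min_passwd_length(); the value 5 is constructed. */
static size_t min_passwd_length(void) { return 5; }

/*
 * Single policy gate (hypothetical). oldpass may be NULL or "" when the
 * caller does not know it, as in the SAMR path that passes "" to chgpasswd().
 */
enum pw_policy_result check_password_policy(const char *oldpass,
                                            const char *newpass)
{
    if (newpass == NULL || strlen(newpass) < min_passwd_length())
        return PW_TOO_SHORT;
    /* Only compare when an old password was actually supplied. */
    if (oldpass != NULL && oldpass[0] != '\0' &&
        strcmp(oldpass, newpass) == 0)
        return PW_SAME_AS_OLD;
    return PW_OK;
}

/* User-driven change: old password is known (change_oem_password role). */
enum pw_policy_result user_change(const char *oldpass, const char *newpass)
{
    return check_password_policy(oldpass, newpass);
}

/* Administrative set via SAMR: no old password available. */
enum pw_policy_result samr_set(const char *newpass)
{
    return check_password_policy("", newpass);
}

int main(void)
{
    printf("user, short new:  %d\n", user_change("oldsecret", "abc"));
    printf("user, unchanged:  %d\n", user_change("oldsecret", "oldsecret"));
    printf("samr, short new:  %d\n", samr_set("abc"));
    printf("samr, acceptable: %d\n", samr_set("n3w-secret"));
    return 0;
}
```

With both callers routed through the one gate, the minimum-length rule cannot be bypassed by taking the SAMR path, and the same-as-old comparison is skipped only when no old password exists to compare against.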
More information about the samba-technical
mailing list