svn commit: samba r12987 - in trunk/source: include nsswitch
gd at samba.org
gd at samba.org
Tue Jan 17 21:26:42 GMT 2006
Author: gd
Date: 2006-01-17 21:26:42 +0000 (Tue, 17 Jan 2006)
New Revision: 12987
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12987
Log:
Flip order of pam_conversation messages on failed password change.
Also add REJECT_REASON_NOT_COMPLEX.
Guenther
Modified:
trunk/source/include/rpc_samr.h
trunk/source/nsswitch/pam_winbind.c
Changeset:
Modified: trunk/source/include/rpc_samr.h
===================================================================
--- trunk/source/include/rpc_samr.h 2006-01-17 21:22:00 UTC (rev 12986)
+++ trunk/source/include/rpc_samr.h 2006-01-17 21:26:42 UTC (rev 12987)
@@ -1845,6 +1845,7 @@
#define REJECT_REASON_TOO_SHORT 0x00000001
#define REJECT_REASON_IN_HISTORY 0x00000002
+#define REJECT_REASON_NOT_COMPLEX 0x00000005
/* SAMR_CHANGE_REJECT */
typedef struct samr_change_reject
Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c 2006-01-17 21:22:00 UTC (rev 12986)
+++ trunk/source/nsswitch/pam_winbind.c 2006-01-17 21:26:42 UTC (rev 12987)
@@ -514,6 +514,26 @@
if (strequal(response.data.auth.nt_status_string, "NT_STATUS_PASSWORD_RESTRICTION")) {
+ /* FIXME: avoid to send multiple PAM messages after another */
+ switch (response.data.auth.reject_reason) {
+ case 0:
+ break;
+ case REJECT_REASON_TOO_SHORT:
+ PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_TOO_SHORT");
+ break;
+ case REJECT_REASON_IN_HISTORY:
+ PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_HISTORY_CONFLICT");
+ break;
+ case REJECT_REASON_NOT_COMPLEX:
+ _make_remark_format(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
+ break;
+ default:
+ _pam_log_debug(ctrl, LOG_DEBUG,
+ "unknown password change reject reason: %d",
+ response.data.auth.reject_reason);
+ break;
+ }
+
_make_remark_format(pamh, PAM_ERROR_MSG,
"Your password must be at least %d characters; "
"cannot repeat any of the your previous %d passwords"
@@ -526,15 +546,6 @@
"; must contain capitals, numerals or punctuation; and cannot contain your account or full name" :
"");
- /* FIXME: avoid to send multiple PAM messages after another */
- if (response.data.auth.reject_reason) {
- if (response.data.auth.reject_reason & REJECT_REASON_TOO_SHORT) {
- PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_TOO_SHORT");
- }
- if (response.data.auth.reject_reason & REJECT_REASON_IN_HISTORY) {
- PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_HISTORY_CONFLICT");
- }
- }
}
return ret;
@@ -907,7 +918,7 @@
return PAM_SUCCESS;
default:
/* we don't know anything about this return value */
- _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'",
+ _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s')",
retval, username);
return PAM_SERVICE_ERR;
}
More information about the samba-cvs
mailing list