svn commit: samba r15649 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/passdb trunk/source/include trunk/source/passdb

Tue May 16 22:03:07 GMT 2006

Author: gd
Date: 2006-05-16 22:03:05 +0000 (Tue, 16 May 2006)
New Revision: 15649

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15649

Log:
Allow to store 24 password history entries in ldapsam (same limit as on
Windows). Fixes bug #1914.

Guenther

Modified:
   branches/SAMBA_3_0/source/include/smb.h
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   trunk/source/include/smb.h
   trunk/source/passdb/pdb_ldap.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/smb.h
===================================================================

--- branches/SAMBA_3_0/source/include/smb.h	2006-05-16 19:54:31 UTC (rev 15648)
+++ branches/SAMBA_3_0/source/include/smb.h	2006-05-16 22:03:05 UTC (rev 15649)
@@ -738,6 +738,7 @@
 #define PW_HISTORY_SALT_LEN 16
 #define SALTED_MD5_HASH_LEN 16
 #define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
+#define MAX_PW_HISTORY_LEN 24
 
 /*
  * Flags for account policy.

Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c	2006-05-16 19:54:31 UTC (rev 15648)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c	2006-05-16 22:03:05 UTC (rev 15649)
@@ -773,9 +773,9 @@
 	if (pwHistLen > 0){
 		uint8 *pwhist = NULL;
 		int i;
+		char history_string[MAX_PW_HISTORY_LEN*64];
 
-		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
-		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+		pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
 
 		if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
 			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
@@ -783,19 +783,20 @@
 		}
 		memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
 
-		if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), temp)) {
+		if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
+						  get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
+						  history_string, sizeof(history_string))) {
 			/* leave as default - zeros */
 		} else {
 			BOOL hex_failed = False;
 			for (i = 0; i < pwHistLen; i++){
 				/* Get the 16 byte salt. */
-				if (!pdb_gethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
+				if (!pdb_gethexpwd(&history_string[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
 					hex_failed = True;
 					break;
 				}
 				/* Get the 16 byte MD5 hash of salt+passwd. */
-				if (!pdb_gethexpwd(&temp[(i*64)+32],
+				if (!pdb_gethexpwd(&history_string[(i*64)+32],
 						&pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) {
 					hex_failed = True;
 					break;

Modified: trunk/source/include/smb.h
===================================================================
--- trunk/source/include/smb.h	2006-05-16 19:54:31 UTC (rev 15648)
+++ trunk/source/include/smb.h	2006-05-16 22:03:05 UTC (rev 15649)
@@ -735,6 +735,7 @@
 #define PW_HISTORY_SALT_LEN 16
 #define SALTED_MD5_HASH_LEN 16
 #define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
+#define MAX_PW_HISTORY_LEN 24
 
 /*
  * Flags for account policy.

Modified: trunk/source/passdb/pdb_ldap.c
===================================================================
--- trunk/source/passdb/pdb_ldap.c	2006-05-16 19:54:31 UTC (rev 15648)
+++ trunk/source/passdb/pdb_ldap.c	2006-05-16 22:03:05 UTC (rev 15649)
@@ -773,9 +773,9 @@
 	if (pwHistLen > 0){
 		uint8 *pwhist = NULL;
 		int i;
+		char history_string[MAX_PW_HISTORY_LEN*64];
 
-		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
-		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+		pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
 
 		if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
 			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
@@ -783,19 +783,20 @@
 		}
 		memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
 
-		if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 
-			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), temp)) {
+		if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
+						  get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
+						  history_string, sizeof(history_string))) {
 			/* leave as default - zeros */
 		} else {
 			BOOL hex_failed = False;
 			for (i = 0; i < pwHistLen; i++){
 				/* Get the 16 byte salt. */
-				if (!pdb_gethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
+				if (!pdb_gethexpwd(&history_string[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
 					hex_failed = True;
 					break;
 				}
 				/* Get the 16 byte MD5 hash of salt+passwd. */
-				if (!pdb_gethexpwd(&temp[(i*64)+32],
+				if (!pdb_gethexpwd(&history_string[(i*64)+32],
 						&pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) {
 					hex_failed = True;
 					break;

