svn commit: samba r21144 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_24/source/nsswitch
gd at samba.org
gd at samba.org
Mon Feb 5 14:43:06 GMT 2007
Author: gd
Date: 2007-02-05 14:43:06 +0000 (Mon, 05 Feb 2007)
New Revision: 21144
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21144
Log:
Create more accurate warning message when the pam_winbind chauthtok has
received NT_STATUS_PASSWORD_RESTRICTION.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c 2007-02-05 14:34:12 UTC (rev 21143)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c 2007-02-05 14:43:06 UTC (rev 21144)
@@ -737,6 +737,75 @@
return result;
}
+/**
+ * Compose Password Restriction String for a PAM_ERROR_MSG conversation.
+ *
+ * @param response The struct winbindd_response.
+ *
+ * @return string (caller needs to free).
+ */
+
+static char *_pam_compose_pwd_restriction_string(struct winbindd_response *response)
+{
+ char *str = NULL;
+ size_t offset = 0, ret = 0, str_size = 1024;
+
+ str = (char *)malloc(str_size);
+ if (!str) {
+ return NULL;
+ }
+
+ memset(str, '\0', str_size);
+
+ offset = snprintf(str, str_size, "Your password ");
+ if (offset == -1) {
+ goto failed;
+ }
+
+ if (response->data.auth.policy.min_length_password > 0) {
+ ret = snprintf(str+offset, str_size-offset,
+ "must be at least %d characters; ",
+ response->data.auth.policy.min_length_password);
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ if (response->data.auth.policy.password_history > 0) {
+ ret = snprintf(str+offset, str_size-offset,
+ "cannot repeat any of your previous %d passwords; ",
+ response->data.auth.policy.password_history);
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ if (response->data.auth.policy.password_properties & DOMAIN_PASSWORD_COMPLEX) {
+ ret = snprintf(str+offset, str_size-offset,
+ "must contain capitals, numerals or punctuation; "
+ "and cannot contain your account or full name; ");
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ ret = snprintf(str+offset, str_size-offset,
+ "Please type a different password. "
+ "Type a password which meets these requirements in both text boxes.");
+ if (ret == -1) {
+ goto failed;
+ }
+
+ return str;
+
+ failed:
+ SAFE_FREE(str);
+ return NULL;
+}
+
/* talk to winbindd */
static int winbind_auth_request(pam_handle_t * pamh,
int ctrl,
@@ -1002,6 +1071,8 @@
if (!strcasecmp(response.data.auth.nt_status_string, "NT_STATUS_PASSWORD_RESTRICTION")) {
+ char *pwd_restriction_string = NULL;
+
/* FIXME: avoid to send multiple PAM messages after another */
switch (response.data.auth.reject_reason) {
case -1:
@@ -1028,18 +1099,11 @@
break;
}
- _make_remark_format(pamh, PAM_ERROR_MSG,
- "Your password must be at least %d characters; "
- "cannot repeat any of the your previous %d passwords"
- "%s. "
- "Please type a different password. "
- "Type a password which meets these requirements in both text boxes.",
- response.data.auth.policy.min_length_password,
- response.data.auth.policy.password_history,
- (response.data.auth.policy.password_properties & DOMAIN_PASSWORD_COMPLEX) ?
- "; must contain capitals, numerals or punctuation; and cannot contain your account or full name" :
- "");
-
+ pwd_restriction_string = _pam_compose_pwd_restriction_string(&response);
+ if (pwd_restriction_string) {
+ _make_remark(pamh, PAM_ERROR_MSG, pwd_restriction_string);
+ SAFE_FREE(pwd_restriction_string);
+ }
}
return ret;
Modified: branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c 2007-02-05 14:34:12 UTC (rev 21143)
+++ branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c 2007-02-05 14:43:06 UTC (rev 21144)
@@ -460,6 +460,75 @@
/* no warning sent */
}
+/**
+ * Compose Password Restriction String for a PAM_ERROR_MSG conversation.
+ *
+ * @param response The struct winbindd_response.
+ *
+ * @return string (caller needs to free).
+ */
+
+static char *_pam_compose_pwd_restriction_string(struct winbindd_response *response)
+{
+ char *str = NULL;
+ size_t offset = 0, ret = 0, str_size = 1024;
+
+ str = (char *)malloc(str_size);
+ if (!str) {
+ return NULL;
+ }
+
+ memset(str, '\0', str_size);
+
+ offset = snprintf(str, str_size, "Your password ");
+ if (offset == -1) {
+ goto failed;
+ }
+
+ if (response->data.auth.policy.min_length_password > 0) {
+ ret = snprintf(str+offset, str_size-offset,
+ "must be at least %d characters; ",
+ response->data.auth.policy.min_length_password);
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ if (response->data.auth.policy.password_history > 0) {
+ ret = snprintf(str+offset, str_size-offset,
+ "cannot repeat any of your previous %d passwords; ",
+ response->data.auth.policy.password_history);
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ if (response->data.auth.policy.password_properties & DOMAIN_PASSWORD_COMPLEX) {
+ ret = snprintf(str+offset, str_size-offset,
+ "must contain capitals, numerals or punctuation; "
+ "and cannot contain your account or full name; ");
+ if (ret == -1) {
+ goto failed;
+ }
+ offset += ret;
+ }
+
+ ret = snprintf(str+offset, str_size-offset,
+ "Please type a different password. "
+ "Type a password which meets these requirements in both text boxes.");
+ if (ret == -1) {
+ goto failed;
+ }
+
+ return str;
+
+ failed:
+ SAFE_FREE(str);
+ return NULL;
+}
+
/* talk to winbindd */
static int winbind_auth_request(pam_handle_t * pamh,
int ctrl,
@@ -745,6 +814,8 @@
if (!strcasecmp(response.data.auth.nt_status_string, "NT_STATUS_PASSWORD_RESTRICTION")) {
+ char *pwd_restriction_string = NULL;
+
/* FIXME: avoid to send multiple PAM messages after another */
switch (response.data.auth.reject_reason) {
case -1:
@@ -771,18 +842,11 @@
break;
}
- _make_remark_format(pamh, PAM_ERROR_MSG,
- "Your password must be at least %d characters; "
- "cannot repeat any of the your previous %d passwords"
- "%s. "
- "Please type a different password. "
- "Type a password which meets these requirements in both text boxes.",
- response.data.auth.policy.min_length_password,
- response.data.auth.policy.password_history,
- (response.data.auth.policy.password_properties & DOMAIN_PASSWORD_COMPLEX) ?
- "; must contain capitals, numerals or punctuation; and cannot contain your account or full name" :
- "");
-
+ pwd_restriction_string = _pam_compose_pwd_restriction_string(&response);
+ if (pwd_restriction_string) {
+ _make_remark(pamh, PAM_ERROR_MSG, pwd_restriction_string);
+ SAFE_FREE(pwd_restriction_string);
+ }
}
return ret;
More information about the samba-cvs
mailing list