svn commit: samba r24963 - in branches/SAMBA_3_0_25/source/smbd: .
idra at samba.org
idra at samba.org
Wed Sep 5 12:40:15 GMT 2007
Author: idra
Date: 2007-09-05 12:40:15 +0000 (Wed, 05 Sep 2007)
New Revision: 24963
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24963
Log:
Older patch that I forgot to commit
Actually prevent machine from changing the password if we are configured so
Modified:
branches/SAMBA_3_0_25/source/smbd/chgpasswd.c
Changeset:
Modified: branches/SAMBA_3_0_25/source/smbd/chgpasswd.c
===================================================================
--- branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 09:44:05 UTC (rev 24962)
+++ branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 12:40:15 UTC (rev 24963)
@@ -1019,6 +1019,7 @@
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, BOOL as_root, uint32 *samr_reject_reason)
{
uint32 min_len;
+ uint32 refuse;
struct passwd *pass = NULL;
const char *username = pdb_get_username(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
@@ -1036,6 +1037,21 @@
return NT_STATUS_ACCOUNT_RESTRICTION;
}
+ /* check to see if it is a Machine account and if the policy
+ * denies machines to change the password. *
+ * Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */
+ if (pdb_get_acct_ctrl(hnd) & ACB_WSTRUST) {
+ if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
+ DEBUG(1, ("Machine %s cannot change password now, "
+ "denied by Refuse Machine Password Change policy\n",
+ username));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
+ return NT_STATUS_ACCOUNT_RESTRICTION;
+ }
+ }
+
/* removed calculation here, becuase passdb now calculates
based on policy. jmcd */
if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
More information about the samba-cvs
mailing list