[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-1768-gb335618
Andrew Tridgell
tridge at samba.org
Mon May 25 05:24:14 GMT 2009
The branch, master has been updated
via b335618d1743599588902cfd2be4ae37150b239d (commit)
from 4dcc058ea1d98e40f59f2726c4dd37a98401b258 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b335618d1743599588902cfd2be4ae37150b239d
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon May 25 15:23:54 2009 +1000
fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
-----------------------------------------------------------------------
Summary of changes:
source4/auth/ntlm/auth_sam.c | 14 --------------
source4/dsdb/common/util.c | 7 ++++++-
2 files changed, 6 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 2b9b928..e99d0e1 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -152,20 +152,6 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
{
NTSTATUS status;
- if (acct_flags & ACB_PWNOTREQ) {
- if (lp_null_passwords(auth_context->lp_ctx)) {
- DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
- user_info->mapped.account_name));
- *lm_sess_key = data_blob(NULL, 0);
- *user_sess_key = data_blob(NULL, 0);
- return NT_STATUS_OK;
- } else {
- DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n",
- user_info->mapped.account_name));
- return NT_STATUS_LOGON_FAILURE;
- }
- }
-
switch (user_info->password_state) {
case AUTH_PASSWORD_PLAIN:
{
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 19eb343..b9aceab 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
minPwdLength = samdb_result_uint(res[0], "minPwdLength", 0);
minPwdAge = samdb_result_int64(res[0], "minPwdAge", 0);
+ if (userAccountControl & UF_PASSWD_NOTREQD) {
+ /* see [MS-ADTS] 2.2.15 */
+ minPwdLength = 0;
+ }
+
if (_dominfo) {
struct samr_DomInfo1 *dominfo;
/* on failure we need to fill in the reject reasons */
@@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* possibly check password complexity */
- if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
+ if (restrictions && (pwdProperties & DOMAIN_PASSWORD_COMPLEX) &&
!samdb_password_complexity_ok(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;
--
Samba Shared Repository
More information about the samba-cvs
mailing list