[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Nov 6 07:20:41 MST 2009
The branch, master has been updated
via 7cf98ab... s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password"
via bb531b0... s4:samdb_validate_password - Adapt the function to use the UNIX charset for the password data blob
via 17d6506... s4:torture/samr - Add status code on "ValidatePassword" test output
via 9f48166... s4:torture/samr - Activate "ValidatePassword" test per default
via 6afee5f... s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer
from 11687e8... s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7cf98abd031e819d884c08d2968afb3989446b7c
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 6 15:17:22 2009 +0100
s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password"
I've forgotten that PIDL converts UTF16 parameters automatically back to the
UNIX charset (in most cases UTF16). So I don't have to do this here.
commit bb531b039902fa613d7462e0bc2114326808d9fe
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 6 15:15:53 2009 +0100
s4:samdb_validate_password - Adapt the function to use the UNIX charset for the password data blob
commit 17d6506c9e9e4033c6932bbc9b562bec0cb08a89
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 6 12:32:47 2009 +0100
s4:torture/samr - Add status code on "ValidatePassword" test output
commit 9f481664fb106fae7eea2774b45c5f6b2c3626cf
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 6 12:16:30 2009 +0100
s4:torture/samr - Activate "ValidatePassword" test per default
commit 6afee5f13074b375ded8d373d3ab12e9d35b47fd
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Nov 6 12:10:42 2009 +0100
s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 27 +++++++--------------------
source4/rpc_server/samr/dcesrv_samr.c | 19 +++++++++----------
source4/torture/rpc/samr.c | 11 ++++-------
3 files changed, 20 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d953e63..76a4efc 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1574,37 +1574,24 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
/*
- * Performs checks on a user password (plaintext UTF 16 format - attribute
+ * Performs checks on a user password (plaintext UNIX format - attribute
* "password"). The remaining parameters have to be extracted from the domain
* object in the AD.
*
* Result codes from "enum samr_ValidationStatus" (consider "samr.idl")
*/
-enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
- const DATA_BLOB *password,
+enum samr_ValidationStatus samdb_check_password(const DATA_BLOB *password,
const uint32_t pwdProperties,
const uint32_t minPwdLength)
{
- char *utf8_password;
- size_t utf8_password_len;
-
/* checks if the "minPwdLength" property is satisfied */
- if (minPwdLength > utf16_len_n(password->data, password->length) / 2)
+ if (minPwdLength > password->length)
return SAMR_VALIDATION_STATUS_PWD_TOO_SHORT;
- /* Try to convert the password to UTF8 and perform other checks */
- if (convert_string_talloc_convenience(mem_ctx,
- lp_iconv_convenience(lp_ctx),
- CH_UTF16MUNGED, CH_UTF8,
- password->data, password->length,
- (void **)&utf8_password,
- &utf8_password_len, false)) {
- /* checks the password complexity */
- if (((pwdProperties & DOMAIN_PASSWORD_COMPLEX) != 0)
- && (!check_password_quality(utf8_password)))
- return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
- }
+ /* checks the password complexity */
+ if (((pwdProperties & DOMAIN_PASSWORD_COMPLEX) != 0)
+ && (!check_password_quality((const char *) password->data)))
+ return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
return SAMR_VALIDATION_STATUS_SUCCESS;
}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index eecc00d..31c437e 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4366,6 +4366,7 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
struct samr_ValidatePassword *r)
{
struct samr_GetDomPwInfo r2;
+ struct samr_PwInfo pwInfo;
DATA_BLOB password;
enum samr_ValidationStatus res;
NTSTATUS status;
@@ -4373,6 +4374,7 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
r2.in.domain_name = NULL;
+ r2.out.info = &pwInfo;
status = dcesrv_samr_GetDomPwInfo(dce_call, mem_ctx, &r2);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -4386,21 +4388,18 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
case NetValidatePasswordChange:
password = data_blob_const(r->in.req->req2.password.string,
r->in.req->req2.password.length);
- res = samdb_check_password(mem_ctx,
- dce_call->conn->dce_ctx->lp_ctx,
- &password,
- r2.out.info->password_properties,
- r2.out.info->min_password_length);
+ res = samdb_check_password(&password,
+ pwInfo.password_properties,
+ pwInfo.min_password_length);
(*r->out.rep)->ctr2.status = res;
break;
case NetValidatePasswordReset:
+printf("Length/Size: %i|%i\n", r->in.req->req3.password.length, r->in.req->req3.password.size);
password = data_blob_const(r->in.req->req3.password.string,
r->in.req->req3.password.length);
- res = samdb_check_password(mem_ctx,
- dce_call->conn->dce_ctx->lp_ctx,
- &password,
- r2.out.info->password_properties,
- r2.out.info->min_password_length);
+ res = samdb_check_password(&password,
+ pwInfo.password_properties,
+ pwInfo.min_password_length);
(*r->out.rep)->ctr3.status = res;
break;
}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 5462e3a..3f59637 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -6779,9 +6779,9 @@ static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_con
req.req3.password.string = passwords[i];
status = dcerpc_samr_ValidatePassword(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "samr_ValidatePassword");
- torture_comment(tctx, "Server %s password '%s'\n",
+ torture_comment(tctx, "Server %s password '%s' with code %i\n",
repp->ctr3.status==SAMR_VALIDATION_STATUS_SUCCESS?"allowed":"refused",
- req.req3.password.string);
+ req.req3.password.string, repp->ctr3.status);
}
return true;
@@ -6799,11 +6799,6 @@ bool torture_rpc_samr(struct torture_context *torture)
return false;
}
-
- if (torture_setting_bool(torture, "dangerous", false)) {
- ret &= test_samr_ValidatePassword(p, torture);
- }
-
ret &= test_Connect(p, torture, &handle);
if (!torture_setting_bool(torture, "samba3", false)) {
@@ -6870,6 +6865,8 @@ bool torture_rpc_samr_passwords(struct torture_context *torture)
ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_samr_ValidatePassword(p, torture);
+
return ret;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list