[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Fri Nov 6 07:20:41 MST 2009 

The branch, master has been updated
       via  7cf98ab... s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password"
       via  bb531b0... s4:samdb_validate_password - Adapt the function to use the UNIX charset for the password data blob
       via  17d6506... s4:torture/samr - Add status code on "ValidatePassword" test output
       via  9f48166... s4:torture/samr - Activate "ValidatePassword" test per default
       via  6afee5f... s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer
      from  11687e8... s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7cf98abd031e819d884c08d2968afb3989446b7c
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Nov 6 15:17:22 2009 +0100

    s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password"
    
    I've forgotten that PIDL converts UTF16 parameters automatically back to the
    UNIX charset (in most cases UTF16). So I don't have to do this here.

commit bb531b039902fa613d7462e0bc2114326808d9fe
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Nov 6 15:15:53 2009 +0100

    s4:samdb_validate_password - Adapt the function to use the UNIX charset for the password data blob

commit 17d6506c9e9e4033c6932bbc9b562bec0cb08a89
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Nov 6 12:32:47 2009 +0100

    s4:torture/samr - Add status code on "ValidatePassword" test output

commit 9f481664fb106fae7eea2774b45c5f6b2c3626cf
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Nov 6 12:16:30 2009 +0100

    s4:torture/samr - Activate "ValidatePassword" test per default

commit 6afee5f13074b375ded8d373d3ab12e9d35b47fd
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Nov 6 12:10:42 2009 +0100

    s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/common/util.c            |   27 +++++++--------------------
 source4/rpc_server/samr/dcesrv_samr.c |   19 +++++++++----------
 source4/torture/rpc/samr.c            |   11 ++++-------
 3 files changed, 20 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d953e63..76a4efc 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1574,37 +1574,24 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 
 
 /*
- * Performs checks on a user password (plaintext UTF 16 format - attribute
+ * Performs checks on a user password (plaintext UNIX format - attribute
  * "password"). The remaining parameters have to be extracted from the domain
  * object in the AD.
  *
  * Result codes from "enum samr_ValidationStatus" (consider "samr.idl")
  */
-enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
-						struct loadparm_context *lp_ctx,
-						const DATA_BLOB *password,
+enum samr_ValidationStatus samdb_check_password(const DATA_BLOB *password,
 						const uint32_t pwdProperties,
 						const uint32_t minPwdLength)
 {
-	char *utf8_password;
-	size_t utf8_password_len;
-
 	/* checks if the "minPwdLength" property is satisfied */
-	if (minPwdLength > utf16_len_n(password->data, password->length) / 2)
+	if (minPwdLength > password->length)
 		return SAMR_VALIDATION_STATUS_PWD_TOO_SHORT;
 
-	/* Try to convert the password to UTF8 and perform other checks */
-	if (convert_string_talloc_convenience(mem_ctx,
-					      lp_iconv_convenience(lp_ctx),
-					      CH_UTF16MUNGED, CH_UTF8,
-					      password->data, password->length,
-					      (void **)&utf8_password,
-					      &utf8_password_len, false)) {
-		/* checks the password complexity */
-		if (((pwdProperties & DOMAIN_PASSWORD_COMPLEX) != 0)
-				&& (!check_password_quality(utf8_password)))
-			return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
-	}
+	/* checks the password complexity */
+	if (((pwdProperties & DOMAIN_PASSWORD_COMPLEX) != 0)
+			&& (!check_password_quality((const char *) password->data)))
+		return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
 
 	return SAMR_VALIDATION_STATUS_SUCCESS;
 }
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index eecc00d..31c437e 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4366,6 +4366,7 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
 					     struct samr_ValidatePassword *r)
 {
 	struct samr_GetDomPwInfo r2;
+	struct samr_PwInfo pwInfo;
 	DATA_BLOB password;
 	enum samr_ValidationStatus res;
 	NTSTATUS status;
@@ -4373,6 +4374,7 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
 	(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
 
 	r2.in.domain_name = NULL;
+	r2.out.info = &pwInfo;
 	status = dcesrv_samr_GetDomPwInfo(dce_call, mem_ctx, &r2);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4386,21 +4388,18 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
 	case NetValidatePasswordChange:
 		password = data_blob_const(r->in.req->req2.password.string,
 					   r->in.req->req2.password.length);
-		res = samdb_check_password(mem_ctx,
-					   dce_call->conn->dce_ctx->lp_ctx,
-					   &password,
-					   r2.out.info->password_properties,
-					   r2.out.info->min_password_length);
+		res = samdb_check_password(&password,
+					   pwInfo.password_properties,
+					   pwInfo.min_password_length);
 		(*r->out.rep)->ctr2.status = res;
 	break;
 	case NetValidatePasswordReset:
+printf("Length/Size: %i|%i\n", r->in.req->req3.password.length, r->in.req->req3.password.size);
 		password = data_blob_const(r->in.req->req3.password.string,
 					   r->in.req->req3.password.length);
-		res = samdb_check_password(mem_ctx,
-					   dce_call->conn->dce_ctx->lp_ctx,
-					   &password,
-					   r2.out.info->password_properties,
-					   r2.out.info->min_password_length);
+		res = samdb_check_password(&password,
+					   pwInfo.password_properties,
+					   pwInfo.min_password_length);
 		(*r->out.rep)->ctr3.status = res;
 	break;
 	}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 5462e3a..3f59637 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -6779,9 +6779,9 @@ static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_con
 		req.req3.password.string = passwords[i];
 		status = dcerpc_samr_ValidatePassword(p, tctx, &r);
 		torture_assert_ntstatus_ok(tctx, status, "samr_ValidatePassword");
-		torture_comment(tctx, "Server %s password '%s'\n", 
+		torture_comment(tctx, "Server %s password '%s' with code %i\n",
 				repp->ctr3.status==SAMR_VALIDATION_STATUS_SUCCESS?"allowed":"refused",
-				req.req3.password.string);
+				req.req3.password.string, repp->ctr3.status);
 	}
 
 	return true;	
@@ -6799,11 +6799,6 @@ bool torture_rpc_samr(struct torture_context *torture)
 		return false;
 	}
 
-
-	if (torture_setting_bool(torture, "dangerous", false)) {
-		ret &= test_samr_ValidatePassword(p, torture);
-	}
-
 	ret &= test_Connect(p, torture, &handle);
 
 	if (!torture_setting_bool(torture, "samba3", false)) {
@@ -6870,6 +6865,8 @@ bool torture_rpc_samr_passwords(struct torture_context *torture)
 
 	ret &= test_samr_handle_Close(p, torture, &handle);
 
+	ret &= test_samr_ValidatePassword(p, torture);
+
 	return ret;
 }
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list