[SCM] Samba Shared Repository - branch master updated

Mon May 10 15:50:43 MDT 2010

The branch, master has been updated
       via  5642188... s4:password_hash LDB module - we might not have a cleartext password at all
      from  ae9fe3c... SMB2 always have level2 oplock capability. Correct mapping from break messages to SMB2 oplock levels.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 56421886de87aa32ba6ea2badbc2d40b2ca8011d
Author: Matthias Dieter WallnÃ¶fer <mdw at samba.org>
Date:   Mon May 10 23:46:21 2010 +0200

    s4:password_hash LDB module - we might not have a cleartext password at all
    
    When we don't have the cleartext of the new password then don't check it
    using "samdb_check_password".

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/password_hash.c |   57 ++++++++++++-----------
 1 files changed, 30 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index a1ffdc0..0334c6d 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1533,40 +1533,43 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
 	}
 
 	/*
-	 * Fundamental password checks done by the call "samdb_check_password".
+	 * Fundamental password checks done by the call
+	 * "samdb_check_password".
 	 * It is also in use by "dcesrv_samr_ValidatePassword".
 	 */
-	stat = samdb_check_password(io->n.cleartext_utf8,
-				    io->ac->status->domain_data.pwdProperties,
-				    io->ac->status->domain_data.minPwdLength);
-	switch (stat) {
-	case SAMR_VALIDATION_STATUS_SUCCESS:
-		/* perfect -> proceed! */
-		break;
+	if (io->n.cleartext_utf8 != NULL) {
+		stat = samdb_check_password(io->n.cleartext_utf8,
+					    io->ac->status->domain_data.pwdProperties,
+					    io->ac->status->domain_data.minPwdLength);
+		switch (stat) {
+		case SAMR_VALIDATION_STATUS_SUCCESS:
+				/* perfect -> proceed! */
+			break;
 
-	case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
-		ldb_asprintf_errstring(ldb,
-			"check_password_restrictions: "
-			"the password is too short. It should be equal or longer than %i characters!",
-			io->ac->status->domain_data.minPwdLength);
+		case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
+			ldb_asprintf_errstring(ldb,
+				"check_password_restrictions: "
+				"the password is too short. It should be equal or longer than %i characters!",
+				io->ac->status->domain_data.minPwdLength);
 
-		io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
-		return LDB_ERR_CONSTRAINT_VIOLATION;
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
+			return LDB_ERR_CONSTRAINT_VIOLATION;
 
-	case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
-		ldb_asprintf_errstring(ldb,
-			"check_password_restrictions: "
-			"the password does not meet the complexity criterias!");
-		io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
+		case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
+			ldb_asprintf_errstring(ldb,
+				"check_password_restrictions: "
+				"the password does not meet the complexity criterias!");
+			io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
 
-		return LDB_ERR_CONSTRAINT_VIOLATION;
+			return LDB_ERR_CONSTRAINT_VIOLATION;
 
-	default:
-		ldb_asprintf_errstring(ldb,
-			"check_password_restrictions: "
-			"the password doesn't fit by a certain reason!");
+		default:
+			ldb_asprintf_errstring(ldb,
+				"check_password_restrictions: "
+				"the password doesn't fit by a certain reason!");
 
-		return LDB_ERR_CONSTRAINT_VIOLATION;
+			return LDB_ERR_CONSTRAINT_VIOLATION;
+		}
 	}
 
 	if (io->ac->pwd_reset) {


-- 
Samba Shared Repository
