[PATCH] Add debug msgs,
giving the reason for NT_STATUS_PASSWORD_RESTRICTION
Volker Lendecke
vl at samba.org
Fri Sep 12 18:41:08 GMT 2008
---
source/dsdb/common/util.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/source/dsdb/common/util.c b/source/dsdb/common/util.c
index fa8276e..f182d50 100644
--- a/source/dsdb/common/util.c
+++ b/source/dsdb/common/util.c
@@ -1641,6 +1641,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* check the various password restrictions */
if (restrictions && minPwdLength > strlen_m(new_pass)) {
+ DEBUG(10, ("password too short\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_TOO_SHORT;
}
@@ -1650,6 +1651,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* possibly check password complexity */
if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
!samdb_password_complexity_ok(new_pass)) {
+ DEBUG(10, ("password not complex enough\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;
}
@@ -1673,6 +1675,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (user_change) {
/* are all password changes disallowed? */
if (pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) {
+ DEBUG(10, ("refusing pwd change\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER;
}
@@ -1681,6 +1684,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* can this user change password? */
if (userAccountControl & UF_PASSWD_CANT_CHANGE) {
+ DEBUG(10, ("user cant change pwd\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER;
}
@@ -1698,12 +1702,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* check the immediately past password */
if (pwdHistoryLength > 0) {
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, lmPwdHash->hash, 16) == 0) {
+ DEBUG(10, ("new pwd in history\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, ntPwdHash->hash, 16) == 0) {
+ DEBUG(10, ("new pwd in history\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
}
@@ -1717,6 +1723,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
for (i=0; lmNewHash && i<sambaLMPwdHistory_len;i++) {
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, 16) == 0) {
+ DEBUG(10, ("new pwd in history\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
}
@@ -1725,6 +1732,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
}
for (i=0; ntNewHash && i<sambaNTPwdHistory_len;i++) {
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, 16) == 0) {
+ DEBUG(10, ("new pwd in history\n"));
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
}
--
1.5.5
More information about the samba-technical
mailing list