[PATCH] Add debug msgs, giving the reason for NT_STATUS_PASSWORD_RESTRICTION

Volker Lendecke vl at samba.org
Fri Sep 12 18:41:08 GMT 2008


---
 source/dsdb/common/util.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/source/dsdb/common/util.c b/source/dsdb/common/util.c
index fa8276e..f182d50 100644
--- a/source/dsdb/common/util.c
+++ b/source/dsdb/common/util.c
@@ -1641,6 +1641,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 
 		/* check the various password restrictions */
 		if (restrictions && minPwdLength > strlen_m(new_pass)) {
+			DEBUG(10, ("password too short\n"));
 			if (reject_reason) {
 				*reject_reason = SAMR_REJECT_TOO_SHORT;
 			}
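Review bot: The added `DEBUG(10, ("password too short\n"))` records neither the policy threshold nor the account, so the line cannot be tied to a specific change attempt when several are in flight; the messages added in the complexity, refuse-change and cant-change hunks share this gap. Including the threshold would help, e.g. `DEBUG(10, ("password too short (minPwdLength=%u)\n", (unsigned)minPwdLength));`, though the cast assumes an unsigned integer type that the hunk does not show. An account identifier could be added too, if one is in scope in the part of the signature the hunk header cuts off. The candidate password `new_pass` should stay out of all of these messages, at any debug level. The body of samdb_set_password starts and ends outside this hunk.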
@@ -1650,6 +1651,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		/* possibly check password complexity */
 		if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
 		    !samdb_password_complexity_ok(new_pass)) {
+			DEBUG(10, ("password not complex enough\n"));
 			if (reject_reason) {
 				*reject_reason = SAMR_REJECT_COMPLEXITY;
 			}
@@ -1673,6 +1675,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 	if (user_change) {
 		/* are all password changes disallowed? */
 		if (pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) {
+			DEBUG(10, ("refusing pwd change\n"));
 			if (reject_reason) {
 				*reject_reason = SAMR_REJECT_OTHER;
 			}
@@ -1681,6 +1684,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		
 		/* can this user change password? */
 		if (userAccountControl & UF_PASSWD_CANT_CHANGE) {
+			DEBUG(10, ("user cant change pwd\n"));
 			if (reject_reason) {
 				*reject_reason = SAMR_REJECT_OTHER;
 			}
@@ -1698,12 +1702,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		/* check the immediately past password */
 		if (pwdHistoryLength > 0) {
 			if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, lmPwdHash->hash, 16) == 0) {
+				DEBUG(10, ("new pwd in history\n"));
 				if (reject_reason) {
 					*reject_reason = SAMR_REJECT_IN_HISTORY;
 				}
 				return NT_STATUS_PASSWORD_RESTRICTION;
 			}
 			if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, ntPwdHash->hash, 16) == 0) {
+				DEBUG(10, ("new pwd in history\n"));
 				if (reject_reason) {
 					*reject_reason = SAMR_REJECT_IN_HISTORY;
 				}
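Review bot: The identical text `new pwd in history` is emitted at four distinct checks: the current LM hash and current NT hash comparisons here, and the LM and NT history loops in the next two hunks. All four also set SAMR_REJECT_IN_HISTORY, so neither the log nor the reject reason shows which comparison fired. Distinct messages would make the level-10 trace usable, e.g. `DEBUG(10, ("new pwd matches current LM hash\n"));` and `DEBUG(10, ("new pwd matches current NT hash\n"));` here, and `DEBUG(10, ("new pwd matches NT history entry %d\n", (int)i));` in the loops (with the LM equivalent). The type of `i` is not visible in the hunks, hence the cast. Only the fact of a match belongs in the log, never the hash bytes.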
@@ -1717,6 +1723,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		
 		for (i=0; lmNewHash && i<sambaLMPwdHistory_len;i++) {
 			if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, 16) == 0) {
+				DEBUG(10, ("new pwd in history\n"));
 				if (reject_reason) {
 					*reject_reason = SAMR_REJECT_IN_HISTORY;
 				}
@@ -1725,6 +1732,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		}
 		for (i=0; ntNewHash && i<sambaNTPwdHistory_len;i++) {
 			if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, 16) == 0) {
+				DEBUG(10, ("new pwd in history\n"));
 				if (reject_reason) {
 					*reject_reason = SAMR_REJECT_IN_HISTORY;
 				}
-- 
1.5.5


