[S4] PW Settings being ignored?

Stefan (metze) Metzmacher metze at samba.org
Fri Nov 26 09:29:53 MST 2010


Am 26.11.2010 17:24, schrieb Brian C. Huffman:
> So, I added some debugging to the code and it appears that for some
> reason, even though I've set the history length to 0 in the pwsettings,
> it's got a length of "4" from somewhere:
> 
>                 /* checks the NT hash password history */
>                 for (i = 0; i < io->o.nt_history_len; i++) {
>                         ret = memcmp(io->n.nt_hash,
> io->o.nt_history[i].hash, 16);
>                         if (ret == 0) {
>                                 ret = LDB_ERR_CONSTRAINT_VIOLATION;
>                                 ldb_asprintf_errstring(ldb,
>                                         "%08X: %s -
> check_password_restrictions: "
> -                                        "the password was already used
> (in history)!",
> +                                        "the password was already used
> (in history)! History length: %d",
>                                        
> W_ERROR_V(WERR_PASSWORD_RESTRICTION),
> -                                        ldb_strerror(ret));
> +                                        ldb_strerror(ret),
> io->o.nt_history_len);
>                                 io->ac->status->reject_reason =
> SAM_PWD_CHANGE_PWD_IN_HISTORY;
>                                 return ret;
>                         }
>                 }
> 
> yields:
> 
> msg: 0000052D: Constraint violation - check_password_restrictions: the
> password was already used (in history)! History length: 4

That's the length of the stored history.

Maybe we should use MIN(io->o.nt_history_len,
io->ac->status->domain_data.pwdHistoryLength),
but that needs testing...

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101126/e0df6e3d/attachment.pgp>


More information about the samba-technical mailing list