[Patches] export SAMBA_CPS_{ACCOUNT, USER_PRINCIPAL, FULL}_NAME to check password script

Stefan Metzmacher metze at samba.org
Thu Feb 7 09:24:53 UTC 2019


Am 06.02.19 um 21:37 schrieb Stefan Metzmacher via samba-technical:
> Hi,
> 
> when the check password script is executed in the AD DC it won't get any
> information of the user and only the new password on stdin.
> 
> In the NT4 DC is may get '%u' substituted with the account name.
> 
> As the check password script is executed with /bin/sh -c
> and on the AD DC also as root (without substituting %u),
> Andrew asked to avoid adding %u.
> 
> The easiest solution (that won't break existing setups)
> we come up with is to export environment variables:
> SAMBA_CPS_ACCOUNT_NAME (always)
> SAMBA_CPS_USER_PRINCIPAL_NAME (if available)
> SAMBA_CPS_FULL_NAME (if available)
> 
> As a side effect this patchset also fixes the check password script
> tests on FreeBSD (with less 'sed' features).
> 
> Please review and push:-)
> 
> See https://gitlab.com/samba-team/samba/merge_requests/203

I just realized that I better check the return value of the
setenv() calls, I'll upload a new patchset soon.

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190207/1d3d0bdb/signature.sig>


More information about the samba-technical mailing list