Author: gd Date: 2006-09-18 21:00:00 +0000 (Mon, 18 Sep 2006) New Revision: 18636
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18636 Log: Excessive testing with pam_winbind within Samba3 revealed a new samr reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/kdc/kpasswdd.c branches/SAMBA_4_0/source/librpc/idl/misc.idl Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c =================================================================== --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c 2006-09-18 20:56:54 UTC (rev 18635) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c 2006-09-18 21:00:00 UTC (rev 18636) @@ -1282,13 +1282,13 @@ if (pwdHistoryLength > 0) { if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, lmPwdHash->hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, ntPwdHash->hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } @@ -1301,7 +1301,7 @@ for (i=0; lmNewHash && i<sambaLMPwdHistory_len;i++) { if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } @@ -1309,7 +1309,7 @@ for (i=0; ntNewHash && i<sambaNTPwdHistory_len;i++) { if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } Modified: branches/SAMBA_4_0/source/kdc/kpasswdd.c =================================================================== --- branches/SAMBA_4_0/source/kdc/kpasswdd.c 2006-09-18 20:56:54 UTC (rev 18635) +++ branches/SAMBA_4_0/source/kdc/kpasswdd.c 2006-09-18 21:00:00 UTC (rev 18636) @@ -134,6 +134,9 @@ case SAMR_REJECT_COMPLEXITY: reject_string = "Password does not meet complexity requirements"; break; + case SAMR_REJECT_IN_HISTORY: + reject_string = "Password is already in password history"; + break; case SAMR_REJECT_OTHER: default: reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords", Modified: branches/SAMBA_4_0/source/librpc/idl/misc.idl =================================================================== --- branches/SAMBA_4_0/source/librpc/idl/misc.idl 2006-09-18 20:56:54 UTC (rev 18635) +++ branches/SAMBA_4_0/source/librpc/idl/misc.idl 2006-09-18 21:00:00 UTC (rev 18636) @@ -40,7 +40,8 @@ typedef [public,v1_enum] enum { SAMR_REJECT_OTHER = 0, SAMR_REJECT_TOO_SHORT = 1, - SAMR_REJECT_COMPLEXITY = 2 + SAMR_REJECT_IN_HISTORY = 2, + SAMR_REJECT_COMPLEXITY = 5 } samr_RejectReason;