[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1768-gb335618

Sun, 24 May 2009 22:24:42 -0700 

The branch, master has been updated
       via  b335618d1743599588902cfd2be4ae37150b239d (commit)
      from  4dcc058ea1d98e40f59f2726c4dd37a98401b258 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b335618d1743599588902cfd2be4ae37150b239d
Author: Andrew Tridgell <tri...@samba.org>
Date:   Mon May 25 15:23:54 2009 +1000

    fixed interpretation of ACB_PWNOTREQ
    
    This bit actually means that we should ignore the minimum password
    length field for this user. It doesn't mean that the password should
    be seen as empty

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/ntlm/auth_sam.c |   14 --------------
 source4/dsdb/common/util.c   |    7 ++++++-
 2 files changed, 6 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 2b9b928..e99d0e1 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -152,20 +152,6 @@ static NTSTATUS authsam_password_ok(struct auth_context 
*auth_context,
 {
        NTSTATUS status;
 
-       if (acct_flags & ACB_PWNOTREQ) {
-               if (lp_null_passwords(auth_context->lp_ctx)) {
-                       DEBUG(3,("Account for user '%s' has no password and 
null passwords are allowed.\n", 
-                                user_info->mapped.account_name));
-                       *lm_sess_key = data_blob(NULL, 0);
-                       *user_sess_key = data_blob(NULL, 0);
-                       return NT_STATUS_OK;
-               } else {
-                       DEBUG(3,("Account for user '%s' has no password and 
null passwords are NOT allowed.\n", 
-                                user_info->mapped.account_name));
-                       return NT_STATUS_LOGON_FAILURE;
-               }               
-       }
-
        switch (user_info->password_state) {
        case AUTH_PASSWORD_PLAIN: 
        {
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 19eb343..b9aceab 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, 
TALLOC_CTX *mem_ctx,
        minPwdLength =     samdb_result_uint(res[0],   "minPwdLength", 0);
        minPwdAge =        samdb_result_int64(res[0],  "minPwdAge", 0);
 
+       if (userAccountControl & UF_PASSWD_NOTREQD) {
+               /* see [MS-ADTS] 2.2.15 */
+               minPwdLength = 0;
+       }
+
        if (_dominfo) {
                struct samr_DomInfo1 *dominfo;
                /* on failure we need to fill in the reject reasons */
@@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, 
TALLOC_CTX *mem_ctx,
                        
                        
                        /* possibly check password complexity */
-                       if (restrictions && pwdProperties & 
DOMAIN_PASSWORD_COMPLEX &&
+                       if (restrictions && (pwdProperties & 
DOMAIN_PASSWORD_COMPLEX) &&
                            !samdb_password_complexity_ok(new_pass)) {
                                if (reject_reason) {
                                        *reject_reason = SAMR_REJECT_COMPLEXITY;


-- 
Samba Shared Repository

Reply via email to