Patrick McCarty wrote: > > > Basiclly, the code needs a general rewrite - at the very lest we need > > the BOOLs converted to NTSTATUS. > > These are the three functions that call change_oem_password: > > pass_oem_change in smbd/chgpassword.c > api_SetUserPassword in smbd/lanman.c
api_SamOEMChangePassword is smbd/lanman.c > update_smbpassword_file in smbd/password.c Hmm, firstly: You need to work in HEAD here, no further development will occour in 2.2 and you will just confuse me - I have already changed this stuff around a fair bit. You also probably missed the 'change_lanman_password' at the bottom on api_SetUserPassword. It doesn't get the plaintext, but does change the LM hash. (but not the NT hash) > They are currently BOOLs. If I change them to be NTSTATUS with > and add similar code to that of the patch I recently mailed to the list, > and check add a check for acctFlags somewhere in the Unix Password Sync > code, we are looking okay? Starting to. We need one of two things: a 'user password change' fucntion, that takes the old password, new password, a flags feild and returns an NTSTATUS. The flags should indicate if the old password is actually there, and if the new password is plaintext or an LM hash. It should probably do some of the things that are done in pdb_set_plaintext_password(), but I'm not quite sure. It should certainly enforce a 'minimum password length' paramater, and possibly check with cracklib (if so configured) or a 'user password change authorization' fuction - but getting this all in one place would be good. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net