The Samba-Bugzilla – Attachment 4133 Details for
Bug 5018
There's no %u expansion for 'check password script'
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to implement Requested Enhancement
0001-Pass-also-sername-to-check-password-script.patch (text/plain), 2.49 KB, created by
Simo Sorce
on 2009-05-09 11:16:05 UTC
(
hide
)
Description:
Patch to implement Requested Enhancement
Filename:
MIME Type:
Creator:
Simo Sorce
Created:
2009-05-09 11:16:05 UTC
Size:
2.49 KB
patch
obsolete
>From efa9bc9dc690e77ef623e7337b34b14d13912101 Mon Sep 17 00:00:00 2001 >From: Simo Sorce <idra@samba.org> >Date: Sat, 9 May 2009 11:26:14 -0400 >Subject: [PATCH] Pass also sername to check password script > >--- > source3/smbd/chgpasswd.c | 16 ++++++++++++---- > 1 files changed, 12 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c >index dd1864e..2eb09d1 100644 >--- a/source3/smbd/chgpasswd.c >+++ b/source3/smbd/chgpasswd.c >@@ -1085,6 +1085,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw > { > uint32 min_len; > uint32 refuse; >+ TALLOC_CTX *tosctx = talloc_tos(); > struct passwd *pass = NULL; > const char *username = pdb_get_username(hnd); > time_t can_change_time = pdb_get_pass_can_change_time(hnd); >@@ -1122,7 +1123,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw > if ((can_change_time != 0) && (time(NULL) < can_change_time)) { > DEBUG(1, ("user %s cannot change password now, must " > "wait until %s\n", username, >- http_timestring(talloc_tos(), can_change_time))); >+ http_timestring(tosctx, can_change_time))); > if (samr_reject_reason) { > *samr_reject_reason = SAMR_REJECT_OTHER; > } >@@ -1147,7 +1148,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw > return NT_STATUS_PASSWORD_RESTRICTION; > } > >- pass = Get_Pwnam_alloc(talloc_tos(), username); >+ pass = Get_Pwnam_alloc(tosctx, username); > if (!pass) { > DEBUG(1, ("change_oem_password: Username %s does not exist in system !?!\n", username)); > return NT_STATUS_ACCESS_DENIED; >@@ -1156,9 +1157,16 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw > /* Use external script to check password complexity */ > if (lp_check_password_script() && *(lp_check_password_script())) { > int check_ret; >+ char *cmd; > >- check_ret = smbrunsecret(lp_check_password_script(), new_passwd); >- DEBUG(5, ("change_oem_password: check password script (%s) returned [%d]\n", lp_check_password_script(), check_ret)); >+ cmd = talloc_string_sub(tosctx, lp_check_password_script(), "%u", username); >+ if (!cmd) { >+ return NT_STATUS_PASSWORD_RESTRICTION; >+ } >+ >+ check_ret = smbrunsecret(cmd, new_passwd); >+ DEBUG(5, ("change_oem_password: check password script (%s) returned [%d]\n", cmd, check_ret)); >+ TALLOC_FREE(cmd); > > if (check_ret != 0) { > DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n")); >-- >1.6.0.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4133">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5018
: 4133