The Samba-Bugzilla – Attachment 8299 Details for
Bug 9414
'samba-tool user add' ignores password complexity settings
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches cherry-picked from master
0001-s4-dsdb-password_hash-Honor-password-complexity-sett.patch (text/plain), 2.14 KB, created by
Andrew Bartlett
on 2012-12-07 10:04:31 UTC
(
hide
)
Description:
Patches cherry-picked from master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2012-12-07 10:04:31 UTC
Size:
2.14 KB
patch
obsolete
>From 4baf3dcf8e1889c986d75dc4ba1b6fc1333f074c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 23 Nov 2012 11:49:05 +0100 >Subject: [PATCH] s4:dsdb/password_hash: Honor password complexity settings. > >Honor password complexity settings when creating new users. >Without this patch, you could set simple passwords although the complexity >settings were enabled. This was an issue with 'samba-tool user add' and also >when adding new users via Windows' "Active Directory Users and Computers" >MMC Snap-In. > >The following scenarios were tested successfully after applying the patch: >-'samba-tool user add' against s4 >-'samba-tool user add -H' against a Windows DC >-Adding a new user on a s4 DC using Windows' "Active Directory Users and > Computers" MMC Snap-In. > >Please note that this bug was caused by a mistake in the documentation. > >Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. > >Pair-programmed-with: Karolin Seeger <kseeger@samba.org> > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Signed-off-by: Karolin Seeger <kseeger@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Thu Dec 6 05:11:43 CET 2012 on sn-devel-104 >(cherry picked from commit f8056b7a6998e002f473b0ad79eee046236a7032) >--- > source4/dsdb/samdb/ldb_modules/password_hash.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c >index 620de75..0f8920c 100644 >--- a/source4/dsdb/samdb/ldb_modules/password_hash.c >+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c >@@ -2188,8 +2188,14 @@ static int setup_io(struct ph_context *ac, > & (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT > | UF_SERVER_TRUST_ACCOUNT)); > >- if ((io->u.userAccountControl & UF_PASSWD_NOTREQD) != 0) { >+ if (!ldb_req_is_untrusted(ac->req) && >+ (io->u.userAccountControl & UF_PASSWD_NOTREQD)) >+ { > /* see [MS-ADTS] 2.2.15 */ >+ /* >+ * This seems to only happen for SAMR >+ * and not for LDAP clients >+ */ > io->u.restrictions = 0; > } > >-- >1.7.11.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8299">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 9414
:
8299
|
8338
|
8339