103-chgpasswd.c.diff [plain text]
Index: samba/source/smbd/chgpasswd.c
===================================================================
--- samba/source/smbd/chgpasswd.c.orig
+++ samba/source/smbd/chgpasswd.c
@@ -47,6 +47,7 @@
*/
#include "includes.h"
+#include "opendirectory.h"
extern struct passdb_ops pdb_ops;
@@ -722,21 +723,66 @@ NTSTATUS pass_oem_change(char *user,
{
pstring new_passwd;
struct samu *sampass = NULL;
- NTSTATUS nt_status = check_oem_password(user, password_encrypted_with_lm_hash,
- old_lm_hash_encrypted,
- password_encrypted_with_nt_hash,
- old_nt_hash_encrypted,
- &sampass, new_passwd, sizeof(new_passwd));
-
- if (!NT_STATUS_IS_OK(nt_status))
- return nt_status;
+ NTSTATUS nt_status = NT_STATUS_WRONG_PASSWORD;
- /* We've already checked the old password here.... */
- become_root();
- nt_status = change_oem_password(sampass, NULL, new_passwd, True, reject_reason);
- unbecome_root();
- memset(new_passwd, 0, sizeof(new_passwd));
+ if (lp_opendirectory()) {
+ tDirStatus dir_status = eDSNullParameter;
+ u_int8_t passwordFormat = 0;
+
+ if (password_encrypted_with_nt_hash && old_nt_hash_encrypted) {
+ /* 0 - UTF8 | 1 - UCS2 Unicode, >1 == codepage */
+ passwordFormat = 1;
+ }
+
+ become_root();
+ dir_status = opendirectory_lmchap2changepasswd(user,
+ password_encrypted_with_lm_hash,
+ old_lm_hash_encrypted, passwordFormat,
+ NULL);
+ unbecome_root();
+
+ DEBUG(3, ("pass_oem_change: "
+ "[%d]opendirectory_lmchap2changepasswd "
+ "passwordFormat(%d)\n", dir_status, passwordFormat));
+
+ switch (dir_status) {
+ case eDSNoErr:
+ nt_status = NT_STATUS_OK;
+ break;
+ case eDSAuthPasswordTooShort:
+ case eDSAuthPasswordTooLong:
+ case eDSAuthPasswordNeedsLetter:
+ case eDSAuthPasswordNeedsDigit:
+ case eDSAuthPasswordChangeTooSoon:
+ case eDSAuthPasswordQualityCheckFailed:
+ nt_status = NT_STATUS_PASSWORD_RESTRICTION;
+ break;
+ default:
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ }
+ } else {
+
+ nt_status = check_oem_password(user,
+ password_encrypted_with_lm_hash,
+ old_lm_hash_encrypted,
+ password_encrypted_with_nt_hash,
+ old_nt_hash_encrypted,
+ &sampass, new_passwd, sizeof(new_passwd));
+
+ if (!NT_STATUS_IS_OK(nt_status))
+ return nt_status;
+
+ /* We've already checked the old password here.... */
+ become_root();
+ nt_status = change_oem_password(sampass, NULL, new_passwd,
+ True, reject_reason);
+ unbecome_root();
+ }
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ memset(new_passwd, 0, sizeof(new_passwd));
+ }
TALLOC_FREE(sampass);