103-chgpasswd.c.diff [plain text]
--- samba/source/smbd/chgpasswd.c.orig 2004-12-13 20:11:25.000000000 -0800
+++ samba/source/smbd/chgpasswd.c 2004-12-13 20:22:16.000000000 -0800
@@ -703,7 +703,32 @@
{
pstring new_passwd;
SAM_ACCOUNT *sampass = NULL;
- NTSTATUS nt_status = check_oem_password(user, password_encrypted_with_lm_hash,
+ NTSTATUS nt_status = NT_STATUS_WRONG_PASSWORD;
+
+#ifdef WITH_OPENDIRECTORY
+ tDirStatus dir_status = eDSNullParameter;
+ u_int8_t passwordFormat = 0;
+
+ if (lp_opendirectory()) {
+ if(password_encrypted_with_nt_hash != NULL && old_nt_hash_encrypted != NULL)
+ passwordFormat = 1; /* 0 - UTF8 | 1 - UCS2 Unicode, >1 == codepage */
+ become_root();
+ dir_status = opendirectory_lmchap2changepasswd(user, password_encrypted_with_lm_hash, old_lm_hash_encrypted, passwordFormat, NULL);
+ unbecome_root();
+ DEBUG(3, ("pass_oem_change: [%d]opendirectory_lmchap2changepasswd passwordFormat(%d)\n", dir_status, passwordFormat));
+ if (eDSNoErr == dir_status)
+ nt_status = NT_STATUS_OK;
+ else if (eDSAuthPasswordTooShort == dir_status ||
+ eDSAuthPasswordTooLong == dir_status ||
+ eDSAuthPasswordNeedsLetter == dir_status ||
+ eDSAuthPasswordNeedsDigit == dir_status ||
+ eDSAuthPasswordChangeTooSoon == dir_status ||
+ eDSAuthPasswordQualityCheckFailed == dir_status) {
+ nt_status = NT_STATUS_PASSWORD_RESTRICTION;
+ }
+ } else {
+#endif
+ nt_status = check_oem_password(user, password_encrypted_with_lm_hash,
old_lm_hash_encrypted,
password_encrypted_with_nt_hash,
old_nt_hash_encrypted,
@@ -720,6 +745,9 @@
memset(new_passwd, 0, sizeof(new_passwd));
pdb_free_sam(&sampass);
+#ifdef WITH_OPENDIRECTORY
+ }
+#endif
return nt_status;
}