Imported Upstream version 4.0.3+dfsg1

[abartlet/samba-debian.git] / source4 / dsdb / samdb / ldb_modules / password_hash.c

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 9bf596c3bcab1d93b7f7751b135f305fd45a4211..e9c2bca2dc9a7f0ce43b152fc690d11e406b0b2c 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1876,7 +1876,6 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
 {
        struct ldb_context *ldb;
        int ret;
-       enum samr_ValidationStatus stat;
 
        ldb = ldb_module_get_ctx(io->ac->module);
 
@@ -1973,10 +1972,11 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
         * It is also in use by "dcesrv_samr_ValidatePassword".
         */
        if (io->n.cleartext_utf8 != NULL) {
-               stat = samdb_check_password(io->n.cleartext_utf8,
-                                           io->ac->status->domain_data.pwdProperties,
-                                           io->ac->status->domain_data.minPwdLength);
-               switch (stat) {
+               enum samr_ValidationStatus vstat;
+               vstat = samdb_check_password(io->n.cleartext_utf8,
+                                            io->ac->status->domain_data.pwdProperties,
+                                            io->ac->status->domain_data.minPwdLength);
+               switch (vstat) {
                case SAMR_VALIDATION_STATUS_SUCCESS:
                                /* perfect -> proceed! */
                        break;
@@ -2203,6 +2203,29 @@ static int setup_io(struct ph_context *ac,
                }
        }
 
+       if (io->n.cleartext_utf8 != NULL) {
+               struct ldb_val *cleartext_utf8_blob;
+               char *p;
+
+               cleartext_utf8_blob = talloc(io->ac, struct ldb_val);
+               if (!cleartext_utf8_blob) {
+                       return ldb_oom(ldb);
+               }
+
+               *cleartext_utf8_blob = *io->n.cleartext_utf8;
+
+               /* make sure we have a null terminated string */
+               p = talloc_strndup(cleartext_utf8_blob,
+                                  (const char *)io->n.cleartext_utf8->data,
+                                  io->n.cleartext_utf8->length);
+               if ((p == NULL) && (io->n.cleartext_utf8->length > 0)) {
+                       return ldb_oom(ldb);
+               }
+               cleartext_utf8_blob->data = (uint8_t *)p;
+
+               io->n.cleartext_utf8 = cleartext_utf8_blob;
+       }
+
        ret = msg_find_old_and_new_pwd_val(orig_msg, "clearTextPassword",
                                           ac->req->operation,
                                           &io->n.cleartext_utf16,