git.samba.org / ira / wip.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
r2331: check password script code and example from trunk
[ira/wip.git] / source3 / smbd / chgpasswd.c
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 8ea5b9c60a3c37c093f77b04603b0e4a22ff4ef4..7d3ffedec0e04c1120c0c00cedfacd555b66e129 100644 (file)
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1046,6 +1046,19 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       /* Use external script to check password complexity */
+       if (lp_check_password_script()) {
+               int check_ret;
+
+               check_ret = smbrunsecret(lp_check_password_script(), new_passwd);
+               DEBUG(5, ("change_oem_password: check password script (%s) returned [%d]\n", lp_check_password_script(), check_ret));
+
+               if (check_ret != 0) {
+                       DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
+                       return NT_STATUS_PASSWORD_RESTRICTION;
+               }
+       }
+
        /*
         * If unix password sync was requested, attempt to change
         * the /etc/passwd database first. Return failure if this cannot
Unnamed repository; edit this file 'description' to name the repository.