revert the cracklib changes until post 3.0.2
authorGerald Carter <jerry@samba.org>
Wed, 14 Jan 2004 17:34:41 +0000 (17:34 +0000)
committerGerald Carter <jerry@samba.org>
Wed, 14 Jan 2004 17:34:41 +0000 (17:34 +0000)
source/configure.in
source/param/loadparm.c
source/rpc_server/srv_samr_nt.c
source/smbd/chgpasswd.c

index 375eed06abe4de6a6cc1033746001cbcce320ee2..7a844c337d4d4ccaf0daf83a140b8e0853212b3e 100644 (file)
@@ -2961,64 +2961,6 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
 fi
 fi
 
-
-dictpath="/usr/lib/cracklib_dict"
-
-###############################################
-# test for where we get FaciestCheck from
-AC_MSG_CHECKING(where to use cracklib from (default=$dictpath))
-AC_ARG_WITH(cracklib,
-[  --with-cracklib[=DIR]     Look for cracklib dictionary in this location ],
-[  case "$withval" in
-  yes)
-    AC_MSG_RESULT(${dictpath})
-    ;;
-  no)
-    AC_MSG_RESULT(no)
-      dictpath=""
-    ;;
-  *)
-      dictpath="$withval"
-    AC_MSG_RESULT(${dictpath})
-    ;;
-  esac ],
-  dictpath=""
-  AC_MSG_RESULT(no)
-)
-
-if test x$dictpath != x""; then
-     AC_SEARCH_LIBS(FascistCheck, [crack],
-                    [test "$ac_cv_search_crack" = "none required" || samba_cv_found_crack="yes"
-                    AC_DEFINE(HAVE_CRACK,1,[Whether the system has the FaciestCheck function from cracklib])])
-
-     crack_saved_libs=$LIBS;
-
-     if test x$samba_cv_found_crack=x"yes"; then
-        AC_SEARCH_LIBS(CRACKLIB_DICTPATH, [crypt],
-            AC_DEFINE(HAVE_CRACKLIB_DICTPATH, 1, [Whether we have given a CRACKLIB_DICTPATH in our headers])
-        )
-
-       AC_DEFINE_UNQUOTED(SAMBA_CRACKLIB_DICTPATH, "$dictpath", [Where the cracklib dictionay is])
-        AC_MSG_CHECKING(Whether we have a working cracklib)
-        AC_TRY_RUN([
-               #include "${srcdir-.}/tests/crack.c"],
-              AC_MSG_RESULT(yes)
-              AC_DEFINE(HAVE_WORKING_CRACKLIB,1,[Whether we have a working cracklib])
-             AUTH_LIBS="-lcrack $AUTH_LIBS",
-
-              AC_MSG_RESULT(no)
-             AC_MSG_WARN(cracklib exists - but does not function correctly),
-
-              AC_MSG_RESULT(no)
-             AC_MSG_WARN(cannot test-run when cross-compiling)
-             )
-    else
-        AC_MSG_CHECKING(Whether we have cracklib)
-        AC_MSG_RESULT(no)
-    fi
-    LIBS=$crack_saved_libs
-fi
-
 ########################################################################################
 ##
 ## TESTS FOR SAM BACKENDS.  KEEP THESE GROUPED TOGETHER
index 8004d25c125e65063ac48baed4c12bb3fd1e1fce..f944a478916045b523e76fd939ced75f72cfbb00 100644 (file)
@@ -215,7 +215,6 @@ typedef struct
        int change_notify_timeout;
        int map_to_guest;
        int min_passwd_length;
-       BOOL use_cracklib;
        int oplock_break_wait_time;
        int winbind_cache_time;
        int iLockSpinCount;
@@ -788,7 +787,6 @@ static struct parm_struct parm_table[] = {
        {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED}, 
        {"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED}, 
        {"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED}, 
-       {"use cracklib", P_BOOL, P_GLOBAL, &Globals.use_cracklib, NULL, NULL, FLAG_ADVANCED}, 
        {"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED}, 
        {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED}, 
        {"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED}, 
@@ -1439,7 +1437,6 @@ static void init_globals(void)
 
        Globals.map_to_guest = 0;       /* By Default, "Never" */
        Globals.min_passwd_length = MINPASSWDLENGTH;    /* By Default, 5. */
-       Globals.use_cracklib = False; 
        Globals.oplock_break_wait_time = 0;     /* By Default, 0 msecs. */
        Globals.enhanced_browsing = True; 
        Globals.iLockSpinCount = 3; /* Try 3 times. */
@@ -1791,7 +1788,6 @@ FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout
 FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
 FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
 FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
-FN_GLOBAL_BOOL(lp_use_cracklib, &Globals.use_cracklib)
 FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
 FN_GLOBAL_INTEGER(lp_lock_spin_count, &Globals.iLockSpinCount)
 FN_GLOBAL_INTEGER(lp_lock_sleep_time, &Globals.iLockSpinTime)
index 7edd34c8ddee8e91d4b3b7307311b6983c2531a9..b9974cba8ad324024fa13c437f6e9cf9c1e212e4 100644 (file)
@@ -2834,17 +2834,11 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
                DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
        } else  {
                /* update the UNIX password */
-               if (lp_unix_password_sync() ) {
-                       struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
-                       if (!passwd) {
-                               DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
-                       }
-                       
-                       if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+               if (lp_unix_password_sync() )
+                       if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
                                pdb_free_sam(&pwd);
                                return False;
                        }
-               }
        }
  
        ZERO_STRUCT(plaintext_buf);
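Review bot: The failure branch in set_user_info_23 returns (`return False;` after `pdb_free_sam(&pwd);`) before reaching `ZERO_STRUCT(plaintext_buf);`, so the cleartext password is left in the buffer whenever chgpasswd() fails. The declaration of plaintext_buf is outside the hunk, but if it is a local buffer the wipe should also run on this path: add `ZERO_STRUCT(plaintext_buf);` ahead of `pdb_free_sam(&pwd);`. The next hunk (set_user_info_pw) has the same early return and should be checked in the same way; its wipe, if any, is not visible there. Separately, the outer `if (lp_unix_password_sync() )` lost its braces while still wrapping a braced inner `if`; keeping `{ ... }` on the outer statement avoids a dangling-else surprise later.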
@@ -2905,12 +2899,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
        } else {
                /* update the UNIX password */
                if (lp_unix_password_sync()) {
-                       struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
-                       if (!passwd) {
-                               DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
-                       }
-                       
-                       if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+                       if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
                                pdb_free_sam(&pwd);
                                return False;
                        }
index 692e82680dbafad4978f173937a2966b73e5ea3e..e6117245e7aa74bd463608eeecc2977b3399e879 100644 (file)
 
 #include "includes.h"
 
-#ifdef HAVE_WORKING_CRACKLIB
-#include <crack.h>
-
-#ifndef HAVE_CRACKLIB_DICTPATH
-#ifndef CRACKLIB_DICTPATH
-#define CRACKLIB_DICTPATH SAMBA_CRACKLIB_DICTPATH
-#endif
-#endif
-#endif
-
 extern struct passdb_ops pdb_ops;
 
 static NTSTATUS check_oem_password(const char *user,
@@ -451,14 +441,25 @@ while we were waiting\n", WTERMSIG(wstat)));
        return (chstat);
 }
 
-BOOL chgpasswd(const char *name, const struct passwd *pass, 
-              const char *oldpass, const char *newpass, BOOL as_root)
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
 {
        pstring passwordprogram;
        pstring chatsequence;
        size_t i;
        size_t len;
 
+       struct passwd *pass;
+
+       if (!name) {
+               DEBUG(1, ("chgpasswd: NULL username specfied !\n"));
+       }
+       
+       pass = Get_Pwnam(name);
+       if (!pass) {
+               DEBUG(1, ("chgpasswd: Username does not exist in system !\n"));
+               return False;
+       }
+
        if (!oldpass) {
                oldpass = "";
        }
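Review bot: The new `if (!name)` guard only logs and then falls through to `Get_Pwnam(name)`, so a NULL username is still passed on to the lookup. Add `return False;` inside that block, as the `!pass` branch directly below it already does. The log text misspells "specified" (`specfied`). Note also that a missing Unix account now makes chgpasswd() fail outright, where the removed caller code only logged it; if that is intended it deserves a one-line comment above the lookup. The function body continues past the end of this hunk.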
@@ -470,6 +471,13 @@ BOOL chgpasswd(const char *name, const struct passwd *pass,
 #endif
 
        /* Take the passed information and test it for minimum criteria */
+       /* Minimum password length */
+       if (strlen(newpass) < lp_min_passwd_length()) {
+               /* too short, must be at least MINPASSWDLENGTH */
+               DEBUG(0, ("chgpasswd: Password Change: user %s, New password is shorter than minimum password length = %d\n",
+                      name, lp_min_passwd_length()));
+               return (False); /* inform the user */
+       }
 
        /* Password is same as old password */
        if (strcmp(oldpass, newpass) == 0) {
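Review bot: The added check `strlen(newpass) < lp_min_passwd_length()` compares a size_t with a value the loadparm.c section exposes through FN_GLOBAL_INTEGER and that is printed here with `%d`, so it is presumably a signed int. A negative "min passwd length" would then be converted to a very large unsigned value and every password change would be refused. Reading the setting once and casting after a range check makes the intent explicit: `int min_len = lp_min_passwd_length();` followed by `if (min_len > 0 && strlen(newpass) < (size_t)min_len) {`. The comment names MINPASSWDLENGTH although the configured value is what is tested; `/* too short, must be at least "min passwd length" characters */` matches the code. Unlike oldpass, newpass has no visible NULL default before `strlen()`; the lines between the two hunks are not shown, so confirm it there.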
@@ -562,8 +570,7 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
 
 #else /* ALLOW_CHANGE_PASSWORD */
 
-BOOL chgpasswd(const char *name, const struct passwd *pass, 
-              const char *oldpass, const char *newpass, BOOL as_root)
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
 {
        DEBUG(0, ("chgpasswd: Password changing not compiled in (user=%s)\n", name));
        return (False);
@@ -902,8 +909,6 @@ static NTSTATUS check_oem_password(const char *user,
 
 NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root)
 {
-       struct passwd *pass;
-
        BOOL ret;
        uint32 min_len;
 
@@ -931,47 +936,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 /*             return NT_STATUS_PWD_TOO_SHORT; */
        }
 
-       pass = Get_Pwnam(pdb_get_username(hnd));
-       if (!pass) {
-               DEBUG(1, ("check_oem_password: Username does not exist in system !?!\n"));
-       }
-
-#ifdef HAVE_WORKING_CRACKLIB
-       if (pass) {
-               /* if we can, become the user to overcome internal cracklib sillyness */
-               if (!push_sec_ctx())
-                       return NT_STATUS_UNSUCCESSFUL;
-               
-               set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
-               set_re_uid();
-       }
-
-       if (lp_use_cracklib()) {
-               const char *crack_check_reason;
-               DEBUG(4, ("change_oem_password: Checking password for user [%s]"
-                         " against cracklib. \n", pdb_get_username(hnd)));
-               DEBUGADD(4, ("If this is your last message, then something is "
-                            "wrong with cracklib, it might be missing it's "
-                            "dictionaries at %s\n", 
-                            CRACKLIB_DICTPATH));
-               dbgflush();
-
-               crack_check_reason = FascistCheck(new_passwd, (char *)CRACKLIB_DICTPATH);
-               if (crack_check_reason) {
-                       DEBUG(1, ("Password Change: user [%s], "
-                                 "New password failed cracklib test - %s\n",
-                         pdb_get_username(hnd), crack_check_reason));
-                       
-                       /* get back to where we should be */
-                       if (pass)
-                               pop_sec_ctx();
-                       return NT_STATUS_PASSWORD_RESTRICTION;
-               }
-       }
-
-       if (pass)
-               pop_sec_ctx();
-#endif
+       /* TODO:  Add cracklib support here */
 
        /*
         * If unix password sync was requested, attempt to change
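Review bot: The `/* TODO:  Add cracklib support here */` placeholder does not record what policy is still enforced at this point in change_oem_password. The context line `/*             return NT_STATUS_PWD_TOO_SHORT; */` suggests the length test above only logs (the lines before it are outside the hunk), and the length check this commit adds lives in chgpasswd(), which the following hunk reaches only when `lp_unix_password_sync()` is true. If that reading is right, a too-short password is accepted whenever unix password sync is off. I would expand the comment to say so, for example `/* TODO: Add cracklib support here. Until then the only length check is in chgpasswd(), i.e. only with "unix password sync" set. */`, or restore the rejection here.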
@@ -986,7 +951,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
         */
        
        if(lp_unix_password_sync() &&
-               !chgpasswd(pdb_get_username(hnd), pass, old_passwd, new_passwd, as_root)) {
+               !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, as_root)) {
                return NT_STATUS_ACCESS_DENIED;
        }