} SAMR_Q_CHGPASSWD_USER3;
+#define REJECT_REASON_OTHER 0x00000000
#define REJECT_REASON_TOO_SHORT 0x00000001
#define REJECT_REASON_IN_HISTORY 0x00000002
#define REJECT_REASON_NOT_COMPLEX 0x00000005
r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason);
- if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) ||
+ NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) {
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
time_t last_change_time = pdb_get_pass_last_set_time(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
+ if (samr_reject_reason) {
+ *samr_reject_reason = Undefined;
+ }
+
if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)) {
/*
* Windows calculates the minimum password age check
DEBUG(1, ("user %s cannot change password now, must "
"wait until %s\n", username,
http_timestring(last_change_time+min_age)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
} else {
DEBUG(1, ("user %s cannot change password now, must "
"wait until %s\n", username,
http_timestring(can_change_time)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
}