s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check...
authorStefan Metzmacher <metze@samba.org>
Sat, 2 Feb 2019 12:19:31 +0000 (13:19 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 11 Feb 2019 06:43:32 +0000 (07:43 +0100)
This is to keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/rpc_server/samr/srv_samr_chgpasswd.c
source3/rpc_server/samr/srv_samr_nt.c
source3/rpc_server/samr/srv_samr_util.h

index 87a3f32ff134db7f5cf812c24d32223e8638e972..3749edbb044524606153cc65c72a8de3be85280a 100644 (file)
@@ -941,6 +941,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
 ************************************************************/
 
 NTSTATUS check_password_complexity(const char *username,
+                                  const char *fullname,
                                   const char *password,
                                   enum samPwdChangeReason *samr_reject_reason)
 {
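Review bot: The new `fullname` parameter is undocumented: the comment block above check_password_complexity (only its closing line is inside this hunk) should say that it may be NULL and what the function does with both names. A suggested wording is `fullname may be NULL; username and fullname are exported to the check password script as SAMBA_CPS_ACCOUNT_NAME and SAMBA_CPS_FULL_NAME and removed from the environment afterwards`. Both values can be user-influenced account attributes, so the comment should also tell script authors to treat them as data and never evaluate them.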
@@ -960,7 +961,23 @@ NTSTATUS check_password_complexity(const char *username,
                return NT_STATUS_PASSWORD_RESTRICTION;
        }
 
+       check_ret = setenv("SAMBA_CPS_ACCOUNT_NAME", username, 1);
+       if (check_ret != 0) {
+               return map_nt_error_from_unix_common(errno);
+       }
+       unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+       if (fullname != NULL) {
+               check_ret = setenv("SAMBA_CPS_FULL_NAME", fullname, 1);
+       } else {
+               unsetenv("SAMBA_CPS_FULL_NAME");
+       }
+       if (check_ret != 0) {
+               return map_nt_error_from_unix_common(errno);
+       }
        check_ret = smbrunsecret(cmd, password);
+       unsetenv("SAMBA_CPS_ACCOUNT_NAME");
+       unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+       unsetenv("SAMBA_CPS_FULL_NAME");
        DEBUG(5,("check_password_complexity: check password script (%s) "
                 "returned [%d]\n", cmd, check_ret));
        TALLOC_FREE(cmd);
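Review bot: The two early `return map_nt_error_from_unix_common(errno);` paths skip the cleanup that the success path performs after `smbrunsecret()`. If `setenv("SAMBA_CPS_FULL_NAME", ...)` fails, `SAMBA_CPS_ACCOUNT_NAME` stays in smbd's environment and is inherited by any later child process. Both returns also bypass `TALLOC_FREE(cmd)`; whether that leaks depends on the context `cmd` was allocated on, which is outside this hunk. Saving `errno` before the cleanup calls keeps the mapped status correct; the first check only needs the `TALLOC_FREE(cmd)` part.

```c
	/* … unchanged: setenv of SAMBA_CPS_ACCOUNT_NAME, fullname set/unset … */
	if (check_ret != 0) {
		int saved_errno = errno;

		/* do not leave the account name behind in the environment */
		unsetenv("SAMBA_CPS_ACCOUNT_NAME");
		TALLOC_FREE(cmd);
		return map_nt_error_from_unix_common(saved_errno);
	}
	/* … unchanged: smbrunsecret call and the three unsetenv calls … */
```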
@@ -995,6 +1012,7 @@ static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
        TALLOC_CTX *tosctx = talloc_tos();
        struct passwd *pass = NULL;
        const char *username = pdb_get_username(hnd);
+       const char *fullname = pdb_get_fullname(hnd);
        time_t can_change_time = pdb_get_pass_can_change_time(hnd);
        NTSTATUS status;
 
@@ -1062,7 +1080,10 @@ static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       status = check_password_complexity(username, new_passwd, samr_reject_reason);
+       status = check_password_complexity(username,
+                                          fullname,
+                                          new_passwd,
+                                          samr_reject_reason);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(pass);
                return status;
index 70a2efa4ca63d8ed77f90c4e68258f7a50e5cc62..124d6d38cd707ea46716e1eb18a9165fd52150b5 100644 (file)
@@ -6725,6 +6725,7 @@ static enum samr_ValidationStatus samr_ValidatePassword_Change(TALLOC_CTX *mem_c
        }
        if (dom_pw_info->password_properties & DOMAIN_PASSWORD_COMPLEX) {
                status = check_password_complexity(req->account.string,
+                                                  NULL, /* full_name */
                                                   req->password.string,
                                                   NULL);
                if (!NT_STATUS_IS_OK(status)) {
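Review bot: `req->account.string` comes from the validation request and now becomes the value passed to `setenv("SAMBA_CPS_ACCOUNT_NAME", ...)` inside check_password_complexity, yet nothing in this hunk shows it is guaranteed non-NULL. POSIX does not define setenv() with a NULL value, so unless an earlier check exists outside the hunk, a guard such as `if (req->account.string == NULL) { return SAMR_VALIDATION_STATUS_BAD_PASSWORD; }` (or whichever status fits) belongs before the call. Passing `NULL` for the full name also means the check script runs without `SAMBA_CPS_FULL_NAME` on this path, so a script that compares the password against the full name skips that test. A comment like `/* full name not available from the validation request; script sees no SAMBA_CPS_FULL_NAME */` would make that explicit. The same applies to the identical call in samr_ValidatePassword_Reset.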
@@ -6755,6 +6756,7 @@ static enum samr_ValidationStatus samr_ValidatePassword_Reset(TALLOC_CTX *mem_ct
        }
        if (dom_pw_info->password_properties & DOMAIN_PASSWORD_COMPLEX) {
                status = check_password_complexity(req->account.string,
+                                                  NULL, /* full_name */
                                                   req->password.string,
                                                   NULL);
                if (!NT_STATUS_IS_OK(status)) {
index f992e2b908263e5d6f879392552bf56293ff9ee3..c0c4808f330ef3ad08c7e050fc471bbee0c4fc05 100644 (file)
@@ -75,5 +75,6 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
                         const uchar old_nt_hash_encrypted[16],
                         enum samPwdChangeReason *reject_reason);
 NTSTATUS check_password_complexity(const char *username,
+                                  const char *fullname,
                                   const char *password,
                                   enum samPwdChangeReason *samr_reject_reason);