Hi,

I need "expert" comments on the following, it's "kind of"
related to "cracklib". I could dig another 3 hours in the
code but I prefer to keep that 3 hours for cracklib ;-)

- rpc_server/srv_samr_nt.c line ~ 2836 & line ~ 2898 :

  /* update the UNIX password */
  if (lp_unix_password_sync() ) {
    if(!chgpasswd(pdb_get_username(pwd), "",
      plaintext_buf, True)) {
        pdb_free_sam(&pwd);
        return False;
      }
    }
  ZERO_STRUCT(plaintext_buf);

  if(!pdb_update_sam_account(pwd)) {
    pdb_free_sam(&pwd);
    return False;
  }


  [Q] can't we use change_oem_password()?


  From smbd/chgpasswd.c line ~ 986. The only big
  difference is the IS_SAM_UNIX_USER plus the
  "become_root()" before calling pdb_update_sam_account().
  [ My previous words are what I'd need to dig into... ]

  if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd)
     && !chgpasswd(pdb_get_username(hnd),
                   old_passwd, new_passwd, False)) {
    return NT_STATUS_ACCESS_DENIED;
  }

  if (!pdb_set_plaintext_passwd (hnd, new_passwd)) {
    return NT_STATUS_ACCESS_DENIED;
  }

  /* Now write it into the file. */
  become_root();
  ret = pdb_update_sam_account (hnd);
  unbecome_root();

If we can use change_oem_password() in
  rpc_server/srv_samr_nt.c
then I guess we can also remove the following from
smbd/chgpasswd.c ~ line 492 in chgpasswd() since we
already check for this in change_oem_password() :

  /* Take the passed information and test it for minimum criteria */
  /* Minimum password length */
  if (strlen(newpass) < lp_min_passwd_length()) {
        /* too short, must be at least MINPASSWDLENGTH */
    DEBUG(0, ("Password Change: user %s, New password is shorter "
               "than minimum password length = %d\n",
               name, lp_min_passwd_length()));
    return (False); /* inform the user */
  }


If we can't use it, is it because we want to skip the
account_policy_get() in change_oem_password()? I'd also
like to move from smbd/chgpasswd.c line 501 in chgpasswd()

        /* Password is same as old password */
        if (strcmp(oldpass, newpass) == 0) {

to change_oem_password, so all "check / policy to change
passwords would be called from the same place".

I hope I was clear enough, "excuse my French!!". No need
to answer me today on this.

Thank you very much,
Pierre B.
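
An added sketch, not part of the original message and not Samba code, of the consolidation the message asks about: one function holding the minimum-length and same-as-old checks so that every change path calls it. The names `check_new_password`, `set_password`, `wipe`, `struct pw_policy` and the `PW_*` codes are hypothetical; the sketch assumes a caller may have no old password, as in the SAMR excerpt, which passes "".

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this sketch; not Samba's NTSTATUS values. */
enum pw_result { PW_OK, PW_TOO_SHORT, PW_SAME_AS_OLD, PW_BAD_ARG };

/* Stand-in for the value lp_min_passwd_length() would supply. */
struct pw_policy { size_t min_length; };

/*
 * The one place every change path calls. old_pw is NULL or "" when the
 * caller has no old password (the SAMR excerpt passes ""); the
 * same-as-old test is then skipped instead of comparing against "".
 */
enum pw_result check_new_password(const struct pw_policy *pol,
                                  const char *old_pw, const char *new_pw)
{
    if (pol == NULL || new_pw == NULL)
        return PW_BAD_ARG;
    if (strlen(new_pw) < pol->min_length)
        return PW_TOO_SHORT;
    if (old_pw != NULL && old_pw[0] != '\0' && strcmp(old_pw, new_pw) == 0)
        return PW_SAME_AS_OLD;
    return PW_OK;
}

/* Clear a plaintext buffer through a volatile pointer so the stores stay. */
static void wipe(char *buf, size_t len)
{
    volatile char *p = buf;
    while (len--) *p++ = 0;
}

/* Hypothetical caller: shared check, then wipe on every exit path. */
enum pw_result set_password(const struct pw_policy *pol, const char *old_pw,
                            char *new_buf, size_t buf_len)
{
    enum pw_result r = check_new_password(pol, old_pw, new_buf);
    /* On PW_OK the real code would update the UNIX and SAM passwords here. */
    if (new_buf != NULL)
        wipe(new_buf, buf_len);
    return r;
}

int main(void)
{
    struct pw_policy pol = { 5 };   /* constructed policy value */
    char buf[16] = "abc";           /* constructed sample input */
    return set_password(&pol, "", buf, sizeof buf) == PW_TOO_SHORT ? 0 : 1;
}
```

With the check in one function, the failure return in the first excerpt, which comes before `ZERO_STRUCT(plaintext_buf)`, has a single counterpart here where the buffer is cleared whether or not the policy check passes.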
