Hi, I need "expert" comments on the following, it's "kind of" related to "cracklib". I could dig another 3 hours in the code but I prefer to keep that 3 hours for cracklib ;-)
- rpc_server/srv_samr_nt.c line ~ 2836 & line ~ 2898 : /* update the UNIX password */ if (lp_unix_password_sync() ) if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) { pdb_free_sam(&pwd); return False; } } ZERO_STRUCT(plaintext_buf); if(!pdb_update_sam_account(pwd)) { pdb_free_sam(&pwd); return False; } [Q] can't we use change_oem_password()? From smbd/chgpasswd.c line ~ 986. The only big difference is the IS_SAM_UNIX_USER plus the "become_root()" before calling pdb_update_sam_account(). [ My previous words is what I'd need to dig into... ] if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd) && !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, False)) { return NT_STATUS_ACCESS_DENIED; } if (!pdb_set_plaintext_passwd (hnd, new_passwd)) { return NT_STATUS_ACCESS_DENIED; } /* Now write it into the file. */ become_root(); ret = pdb_update_sam_account (hnd); unbecome_root(); If we can use change_oem_password() in rpc_server/srv_samr_nt.c then I guess we can also remove the following from smbd/chgpasswd.c ~ line 492 in chgpasswd() since we already check for this in change_oem_password() : /* Take the passed information and test it for minimum criteria */ /* Minimum password length */ if (strlen(newpass) < lp_min_passwd_length()) { /* too short, must be at least MINPASSWDLENGTH */ DEBUG(0, ("Password Change: user %s, New password is shorter" "than minimum password length = %d\n", name, lp_min_passwd_length())); return (False); /* inform the user */ } If we can't use it, is it because we want to skip the account_policy_get() in change_oem_password()? I'd also like to move from smbd/chgpasswd.c line 501 in chgpasswd() /* Password is same as old password */ if (strcmp(oldpass, newpass) == 0) { to change_oem_password , so all "check / policy to change passwords would call from the same place". I hope I was clear enough, "excuse my French!!". No need to answer me today on this. Thank you very much, Pierre B.