+++ /dev/null
-^samba.tests.samba_tool.user_check_password_script.*samba.tests.samba_tool.user_check_password_script.UserCheckPwdTestCase.test_checkpassword_username
*/
enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
+ const char *account_name,
+ const char *user_principal_name,
+ const char *full_name,
const DATA_BLOB *utf8_blob,
const uint32_t pwdProperties,
const uint32_t minPwdLength)
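Review bot: The three new parameters are not described in the comment block that closes just above the signature. Only its last line is visible in this hunk, so it may have been updated elsewhere. The comment should have one line per parameter saying that `user_principal_name` and `full_name` may be NULL, and what is expected for `account_name`. It should also say that each value is exported to the check password script as `SAMBA_CPS_ACCOUNT_NAME`, `SAMBA_CPS_USER_PRINCIPAL_NAME` and `SAMBA_CPS_FULL_NAME`. Callers then know the strings leave the process, and script authors know which variables can be absent.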
tevent_timeval_current_ofs(1, 0),
pwd_timeout_debug, NULL);
+ check_ret = setenv("SAMBA_CPS_ACCOUNT_NAME", account_name, 1);
+ if (check_ret != 0) {
+ TALLOC_FREE(password_script);
+ TALLOC_FREE(event_ctx);
+ return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+ }
+ if (user_principal_name != NULL) {
+ check_ret = setenv("SAMBA_CPS_USER_PRINCIPAL_NAME",
+ user_principal_name, 1);
+ } else {
+ unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+ }
+ if (check_ret != 0) {
+ TALLOC_FREE(password_script);
+ TALLOC_FREE(event_ctx);
+ return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+ }
+ if (full_name != NULL) {
+ check_ret = setenv("SAMBA_CPS_FULL_NAME", full_name, 1);
+ } else {
+ unsetenv("SAMBA_CPS_FULL_NAME");
+ }
+ if (check_ret != 0) {
+ TALLOC_FREE(password_script);
+ TALLOC_FREE(event_ctx);
+ return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR;
+ }
+
req = samba_runcmd_send(event_ctx, event_ctx,
tevent_timeval_current_ofs(10, 0),
100, 100, cmd, NULL);
+ unsetenv("SAMBA_CPS_ACCOUNT_NAME");
+ unsetenv("SAMBA_CPS_USER_PRINCIPAL_NAME");
+ unsetenv("SAMBA_CPS_FULL_NAME");
if (req == NULL) {
TALLOC_FREE(password_script);
TALLOC_FREE(event_ctx);
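Review bot: `account_name` is passed to `setenv()` without a NULL check, although the two sibling values get one, and POSIX does not define `setenv()` with a NULL value. The RPC callers changed in this commit pass `r->in.req->req2.account.string` and `req3.account.string` straight from the request; those may be NULL, though the unmarshalling code is not visible here. Either add `if (account_name == NULL)` with the same cleanup-and-return path, or treat it like the other two and call `unsetenv("SAMBA_CPS_ACCOUNT_NAME");`. Separately, the early returns after a failed second or third `setenv()` leave the variables already set in this process's environment, where later child processes would inherit them; calling the three `unsetenv()`s on those paths as well avoids that. The function body starts and ends outside this hunk.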
NTTIME pwdLastSet;
const char *sAMAccountName;
const char *user_principal_name;
+ const char *displayName; /* full name */
bool is_krbtgt;
uint32_t restrictions;
struct dom_sid *account_sid;
if (io->n.cleartext_utf8 != NULL) {
enum samr_ValidationStatus vstat;
vstat = samdb_check_password(io->ac, lp_ctx,
+ io->u.sAMAccountName,
+ io->u.user_principal_name,
+ io->u.displayName,
io->n.cleartext_utf8,
io->ac->status->domain_data.pwdProperties,
io->ac->status->domain_data.minPwdLength);
"sAMAccountName", NULL);
io->u.user_principal_name = ldb_msg_find_attr_as_string(info_msg,
"userPrincipalName", NULL);
+ io->u.displayName = ldb_msg_find_attr_as_string(info_msg,
+ "displayName", NULL);
/* Ensure it has an objectSID too */
io->u.account_sid = samdb_result_dom_sid(ac, info_msg, "objectSid");
"sAMAccountName",
"objectSid",
"userPrincipalName",
+ "displayName",
"supplementalCredentials",
"lmPwdHistory",
"ntPwdHistory",
{
struct samr_GetDomPwInfo r2;
struct samr_PwInfo pwInfo;
+ const char *account = NULL;
DATA_BLOB password;
enum samr_ValidationStatus res;
NTSTATUS status;
return NT_STATUS_NOT_SUPPORTED;
break;
case NetValidatePasswordChange:
+ account = r->in.req->req2.account.string;
password = data_blob_const(r->in.req->req2.password.string,
r->in.req->req2.password.length);
res = samdb_check_password(mem_ctx,
dce_call->conn->dce_ctx->lp_ctx,
+ account,
+ NULL, /* userPrincipalName */
+ NULL, /* displayName/full_name */
&password,
pwInfo.password_properties,
pwInfo.min_password_length);
(*r->out.rep)->ctr2.status = res;
break;
case NetValidatePasswordReset:
+ account = r->in.req->req3.account.string;
password = data_blob_const(r->in.req->req3.password.string,
r->in.req->req3.password.length);
res = samdb_check_password(mem_ctx,
dce_call->conn->dce_ctx->lp_ctx,
+ account,
+ NULL, /* userPrincipalName */
+ NULL, /* displayName/full_name */
&password,
pwInfo.password_properties,
pwInfo.min_password_length);
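Review bot: The `account` value passed in both cases is whatever name the client put in the validation request. Nothing visible in this hunk checks it against the directory before it becomes `SAMBA_CPS_ACCOUNT_NAME` for the external script. A comment at the first assignment would make that explicit, e.g. `/* client-supplied and unverified; the check script must treat it as untrusted data */`, so a script rule such as "password must not contain the account name" is not read as relying on an authoritative value. In these two cases the script also always runs with the UPN and full-name variables unset, unlike the password_hash path, which is worth stating in the same comment. The switch statement starts outside the hunk.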