dsdb/util: rework samdb_check_password() to support utf8

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit e5ca813ffb4398faeefc96c224d3b2677e576c7a)

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 2b96bd431e72608996057bdf0db2a7811303aea2..8e407768ffaeb89cdc51fd0471664e7566a6ed56 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1906,19 +1906,30 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
  *
  * Result codes from "enum samr_ValidationStatus" (consider "samr.idl")
  */
-enum samr_ValidationStatus samdb_check_password(const DATA_BLOB *password,
+enum samr_ValidationStatus samdb_check_password(const DATA_BLOB *utf8_blob,
                                                const uint32_t pwdProperties,
                                                const uint32_t minPwdLength)
 {
+       const char *utf8_pw = (const char *)utf8_blob->data;
+       size_t utf8_len = strlen_m(utf8_pw);
+
        /* checks if the "minPwdLength" property is satisfied */
-       if (minPwdLength > password->length)
+       if (minPwdLength > utf8_len) {
                return SAMR_VALIDATION_STATUS_PWD_TOO_SHORT;
+       }
 
        /* checks the password complexity */
-       if (((pwdProperties & DOMAIN_PASSWORD_COMPLEX) != 0)
-                       && (password->data != NULL)
-                       && (!check_password_quality((const char *) password->data)))
+       if (!(pwdProperties & DOMAIN_PASSWORD_COMPLEX)) {
+               return SAMR_VALIDATION_STATUS_SUCCESS;
+       }
+
+       if (utf8_len == 0) {
                return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
+       }
+
+       if (!check_password_quality(utf8_pw)) {
+               return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH;
+       }
 
        return SAMR_VALIDATION_STATUS_SUCCESS;
 }