From 9f95a9c018699cf061cee0a6099b52a684587faf Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 19 Jan 2007 14:54:05 +0000 Subject: r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pw chnage fails due to policy settings where as 2003 (the chgpasswd3() request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down to the same return code so we correctly retreive the password policy in both cases. --- source/nsswitch/winbindd_pam.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'source/nsswitch') diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index 70007d481c6..0463b16d24c 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -1867,9 +1867,9 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact result = rpccli_samr_chgpasswd3(cli, state->mem_ctx, user, newpass, oldpass, &info, &reject); - /* FIXME: need to check for other error codes ? */ - if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) { + /* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */ + if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) { state->response.data.auth.policy.min_length_password = info.min_length_password; state->response.data.auth.policy.password_history = @@ -1885,9 +1885,10 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact reject.reject_reason; got_info = True; + } /* only fallback when the chgpasswd3 call is not supported */ - } else if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || + if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { @@ -1895,6 +1896,13 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact nt_errstr(result))); result = rpccli_samr_chgpasswd_user(cli, state->mem_ctx, user, newpass, oldpass); + + /* Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION. + Map to the same status code as Windows 2003. */ + + if ( NT_STATUS_EQUAL(NT_STATUS_ACCOUNT_RESTRICTION, result ) ) { + result = NT_STATUS_PASSWORD_RESTRICTION; + } } done: -- cgit