provision: Decrease the length of random machine passwords

The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 609ca657652862fd9c81fd11f818efb74f72ff55)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

diff --git a/python/samba/join.py b/python/samba/join.py
index 79030cdfd2973e234aebeb17bcd5b2f83629c376..d31cabb945a5fb86eea4c815380814ee869d7b3f 100644 (file)
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -136,7 +136,7 @@ class DCJoinContext(object):
         if machinepass is not None:
             ctx.acct_pass = machinepass
         else:
-            ctx.acct_pass = samba.generate_random_machine_password(128, 255)
+            ctx.acct_pass = samba.generate_random_machine_password(120, 120)
 
         ctx.dnsdomain = ctx.samdb.domain_dns_name()
 

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 136267e7aad932d3a34eb3101c7b223259e52974..bdbe9b99a71abae9e18a62adf9b33436e423cd06 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1926,7 +1926,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
     if krbtgtpass is None:
         krbtgtpass = samba.generate_random_machine_password(128, 255)
     if machinepass is None:
-        machinepass = samba.generate_random_machine_password(128, 255)
+        machinepass = samba.generate_random_machine_password(120, 120)
     if dnspass is None:
         dnspass = samba.generate_random_password(128, 255)
 

diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index a0de1b7d3e005fa884cbed9652f2f8ad5e345d24..3f07b3f20d68a17c95e9177c8aedbaaa19dcb4ab 100644 (file)
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -164,7 +164,7 @@ NTSTATUS libnet_vampire_cb_prepare_db(void *private_data,
        settings.realm = s->realm;
        settings.domain = s->domain_name;
        settings.server_dn_str = p->dest_dsa->server_dn_str;
-       settings.machine_password = generate_random_machine_password(s, 128, 255);
+       settings.machine_password = generate_random_machine_password(s, 120, 120);
        settings.targetdir = s->targetdir;
        settings.use_ntvfs = true;
        status = provision_bare(s, s->lp_ctx, &settings, &result);

diff --git a/source4/scripting/bin/renamedc b/source4/scripting/bin/renamedc
index 6a9bd1c82bd611538d79c898e91cdbc1ff623f12..ef3aa75db76dba8b6c0588495a7a97a4ae8745ff 100755 (executable)
--- a/source4/scripting/bin/renamedc
+++ b/source4/scripting/bin/renamedc
@@ -95,7 +95,7 @@ if __name__ == '__main__':
 
     # Then change password and samaccountname and dnshostname
     msg = ldb.Message(newdn)
-    machinepass = samba.generate_random_machine_password(128, 255)
+    machinepass = samba.generate_random_machine_password(120, 120)
     mputf16 = machinepass.encode('utf-16-le')
 
     account = "%s$" % opts.newname.upper()