provision: Decrease the length of random machine passwords

The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/join.py b/python/samba/join.py
index 28698e1744ca86de4a0c02a2aa5fa5b1a43beccd..d78375441fb85c40883369e1a4d720372b745221 100644 (file)
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -136,7 +136,7 @@ class DCJoinContext(object):
         if machinepass is not None:
             ctx.acct_pass = machinepass
         else:
-            ctx.acct_pass = samba.generate_random_machine_password(128, 255)
+            ctx.acct_pass = samba.generate_random_machine_password(120, 120)
 
         ctx.dnsdomain = ctx.samdb.domain_dns_name()
 

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index b87ad38eeffedd13a2e424f5e6e5bf8da8a1661b..2531f51ffc8463d690c42d7e727fe0373f76e785 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1925,7 +1925,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
     if krbtgtpass is None:
         krbtgtpass = samba.generate_random_machine_password(128, 255)
     if machinepass is None:
-        machinepass = samba.generate_random_machine_password(128, 255)
+        machinepass = samba.generate_random_machine_password(120, 120)
     if dnspass is None:
         dnspass = samba.generate_random_password(128, 255)
 

diff --git a/python/samba/tests/samba_tool/provision_userPassword_crypt.py b/python/samba/tests/samba_tool/provision_userPassword_crypt.py
index 234daba3064fcdf7be9bb35408f4b91168a40fb9..32205b6b9f9a8322a7222553aaa99fdfb8948b7b 100644 (file)
--- a/python/samba/tests/samba_tool/provision_userPassword_crypt.py
+++ b/python/samba/tests/samba_tool/provision_userPassword_crypt.py
@@ -55,7 +55,7 @@ class ProvisionUserPasswordTestCase(SambaToolCmdTest):
         return self.run_command(command)
 
     def test_crypt(self):
-        (result, out, err) = self.provision("FooBar123")
+        (result, out, err) = self.provision()
         self.assertEqual(0, result)
 
     def tearDown(self):

diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index a0de1b7d3e005fa884cbed9652f2f8ad5e345d24..3f07b3f20d68a17c95e9177c8aedbaaa19dcb4ab 100644 (file)
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -164,7 +164,7 @@ NTSTATUS libnet_vampire_cb_prepare_db(void *private_data,
        settings.realm = s->realm;
        settings.domain = s->domain_name;
        settings.server_dn_str = p->dest_dsa->server_dn_str;
-       settings.machine_password = generate_random_machine_password(s, 128, 255);
+       settings.machine_password = generate_random_machine_password(s, 120, 120);
        settings.targetdir = s->targetdir;
        settings.use_ntvfs = true;
        status = provision_bare(s, s->lp_ctx, &settings, &result);

diff --git a/source4/scripting/bin/renamedc b/source4/scripting/bin/renamedc
index 6a9bd1c82bd611538d79c898e91cdbc1ff623f12..ef3aa75db76dba8b6c0588495a7a97a4ae8745ff 100755 (executable)
--- a/source4/scripting/bin/renamedc
+++ b/source4/scripting/bin/renamedc
@@ -95,7 +95,7 @@ if __name__ == '__main__':
 
     # Then change password and samaccountname and dnshostname
     msg = ldb.Message(newdn)
-    machinepass = samba.generate_random_machine_password(128, 255)
+    machinepass = samba.generate_random_machine_password(120, 120)
     mputf16 = machinepass.encode('utf-16-le')
 
     account = "%s$" % opts.newname.upper()