From: Günther Deschner <gd@samba.org>
Date: Mon, 4 Oct 2004 15:53:33 +0000 (+0000)
Subject: r2819: Make 'password history'-behaviour in ldapsam more consistent.
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5728
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4b47e71475a06c2e2287613b00648c5f53ae52c;p=thirdparty%2Fsamba.git

r2819: Make 'password history'-behaviour in ldapsam more consistent.

Currently we cannot store more then 15 password history entries (windows
NT4 allows to store 24) in ldapsam. When choosing more then "15" with
pdbedit -P "password history", we fail to initialize the password
history upon password change and overwrite the history, effectively
using a password history of "1". We do already decrease any
history-policy larger then 15 to 15 while storing the password history
list attribute in ldap.

Guenther
---

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 751ec7e049c..02425810b36 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -727,6 +727,9 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 		uint8 *pwhist = NULL;
 		int i;
 
+		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
+		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+
 		if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
 			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
 			return False;