From: Günther Deschner <gd@samba.org>
Date: Sat, 2 Oct 2004 00:13:21 +0000 (+0000)
Subject: r2772: Check correct string length when verifying password-policies. Do not
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5733
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d03683772942e8c32507be210b8fd35bfba2c048;p=thirdparty%2Fsamba.git

r2772: Check correct string length when verifying password-policies. Do not
allow e.g. two umlauts and one ascii char to comply with account-policy
"min password length" of 5.

Thanks to Uwe Morgenroth from CC Compunet and Volker.

TODO: we do check the length against AP_MIN_PASSWORD_LEN *and*
lp_min_passwd_length() - both can have differing values.
---

diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index af363d75a3f..f8636be351f 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -1018,7 +1018,8 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
 
-	if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (strlen(new_passwd) < min_len)) {
+	/* FIXME: AP_MIN_PASSWORD_LEN and lp_min_passwd_length() need to be merged - gd */
+	if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
 		DEBUG(1, ("user %s cannot change password - password too short\n", 
 			  username));
 		DEBUGADD(1, (" account policy min password len = %d\n", min_len));
@@ -1028,7 +1029,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 
 	/* Take the passed information and test it for minimum criteria */
 	/* Minimum password length */
-	if (strlen(new_passwd) < lp_min_passwd_length()) {
+	if (str_charnum(new_passwd) < lp_min_passwd_length()) {
 		/* too short, must be at least MINPASSWDLENGTH */
 		DEBUG(1, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
 		       username, lp_min_passwd_length()));