diff options
| author | Bob Campbell <bobcampbell@catalyst.net.nz> | 2016-06-28 10:33:24 +1200 |
|---|---|---|
| committer | Garming Sam <garming@samba.org> | 2016-07-05 00:00:15 +0200 |
| commit | 21295155cc285843f4e145efb5ef11344109db88 (patch) | |
| tree | 95ab1bfd29e6cb011286600eeea017743b491124 /source4/dsdb/common/util.c | |
| parent | ef0cbc556017b1ac3a6893add54890ff03670233 (diff) | |
| download | samba-21295155cc285843f4e145efb5ef11344109db88.tar.gz | |
check_password_script: Add a DEBUG message for timeouts
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/common/util.c')
| -rw-r--r-- | source4/dsdb/common/util.c | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 2a1e44b5263..1c546d7db4e 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1981,6 +1981,15 @@ int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, return ret; } +static void pwd_timeout_debug(struct tevent_context *unused1, + struct tevent_timer *unused2, + struct timeval unused3, + void *unused4) +{ + DEBUG(0, ("WARNING: check_password_complexity: password script " + "took more than 1 second to run\n")); +} + /* * Performs checks on a user password (plaintext UNIX format - attribute @@ -2032,12 +2041,18 @@ enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx, return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR; } - req = samba_runcmd_send(mem_ctx, event_ctx, - tevent_timeval_current_ofs(0, 10000000), + /* Gives a warning after 1 second, terminates after 10 */ + tevent_add_timer(event_ctx, event_ctx, + tevent_timeval_current_ofs(1, 0), + pwd_timeout_debug, NULL); + + req = samba_runcmd_send(event_ctx, event_ctx, + tevent_timeval_current_ofs(10, 0), 100, 100, cmd, NULL); run_cmd = tevent_req_data(req, struct samba_runcmd_state); if (write(run_cmd->fd_stdin, utf8_pw, utf8_len) != utf8_len) { TALLOC_FREE(password_script); + TALLOC_FREE(event_ctx); return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR; } @@ -2046,23 +2061,31 @@ enum samr_ValidationStatus samdb_check_password(TALLOC_CTX *mem_ctx, if (!tevent_req_poll(req, event_ctx)) { TALLOC_FREE(password_script); + TALLOC_FREE(event_ctx); return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR; } check_ret = samba_runcmd_recv(req, &error); - TALLOC_FREE(req); - - DEBUG(5,("check_password_complexity: check password script (%s) " - "returned [%d]\n", password_script, check_ret)); - TALLOC_FREE(password_script); + TALLOC_FREE(event_ctx); - if (check_ret != 0) { - DEBUG(1,("check_password_complexity: " - "check password script said new password is not good " - "enough!\n")); - return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH; + if (error == ETIMEDOUT) { + DEBUG(0, ("check_password_complexity: check password script took too long!\n")); + TALLOC_FREE(password_script); + return SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR; + } else { + DEBUG(5,("check_password_complexity: check password script (%s) " + "returned [%d]\n", password_script, check_ret)); + + if (check_ret != 0) { + DEBUG(1,("check_password_complexity: " + "check password script said new password is not good " + "enough!\n")); + TALLOC_FREE(password_script); + return SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH; + } } + TALLOC_FREE(password_script); return SAMR_VALIDATION_STATUS_SUCCESS; } |