smb_pam_accountcheck returns bad value?
Simo Sorce
idra at samba.org
Fri May 4 07:53:30 GMT 2001
Yes, looking at the 2.2 code password_ok has what you reported, but I'm working on HEAD and it has:
if (ret)
return smb_pam_accountcheck(user);
changed by jra on revision 1.207
so I was not able to test with head and searched for the problem, I'll change my password_ok and smb_pam_accountcheck accordingly to your code.
On Fri, May 04, 2001 at 01:01:51PM +1000, Andrew Bartlett wrote:
> No, we use NT_STATUS constants to allow us to make NT show a meaningful
> error message on failure. This is used in the domain logon code, which
> calls smb_pam_accountcheck.
>
> Furthermore the current code in SAMBA_2_2 has this is
> password.c:password_ok()
>
> if (ret)
> return (smb_pam_accountcheck(user) ==
> NT_STATUS_NOPROBLEMO);
>
> So I fail to see the bug.
>
> Ensure your local tree is up-to-date.
>
> Andrew Bartlett
>
> Simo Sorce wrote:
> >
> > shouldn't smb_pam_accountcheck return true on success?
> > testing without pam support I've seen that smb_pam_accountcheck
> > returns NT_STATUS_NOPROBLEMO (0x0) to password_ok instead of true (1)
> > this will make password validation fail when it should not (password_ok return True on success)
> >
> > I've changed it to:
> >
> > uint32 smb_pam_accountcheck(char * user)
> > {
> > return True;
> > }
> >
> > to be able to validate users.
> >
> > bye.
> >
> > --
> > Simo Sorce
> > ------------------------------
> > Unix IS user friendly, it is just selective about who his friends are.
>
> --
> Andrew Bartlett
> abartlet at pcug.org.au
>
--
Simo Sorce
------------------------------
Unix IS user friendly, it is just selective about who his friends are.
More information about the samba-technical
mailing list