svn commit: samba r5818 - in trunk/source/passdb: .
jra at samba.org
jra at samba.org
Wed Mar 16 00:27:09 GMT 2005
Author: jra
Date: 2005-03-16 00:27:04 +0000 (Wed, 16 Mar 2005)
New Revision: 5818
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5818
Log:
Patch from Vince Brimhall <vbrimhall at novell.com> to change the way pdb_nds
handles users with no Universal or Simple Password. Bug #2453.
Jeremy.
Modified:
trunk/source/passdb/pdb_nds.c
Changeset:
Modified: trunk/source/passdb/pdb_nds.c
===================================================================
--- trunk/source/passdb/pdb_nds.c 2005-03-16 00:26:57 UTC (rev 5817)
+++ trunk/source/passdb/pdb_nds.c 2005-03-16 00:27:04 UTC (rev 5818)
@@ -765,6 +765,7 @@
char protocol[12];
char ldap_server[256];
const char *username = pdb_get_username(sam_acct);
+ BOOL got_clear_text_pw = False;
DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
success ? "Successful" : "Failed", username));
@@ -796,7 +797,8 @@
pwd_len = sizeof(clear_text_pw);
if (success == True) {
if (pdb_nds_get_password(ldap_state->smbldap_state, dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
- /* */
+ /* Got clear text password. Use simple ldap bind */
+ got_clear_text_pw = True;
}
} else {
generate_random_buffer(clear_text_pw, 24);
@@ -850,22 +852,24 @@
}
}
- /* Attempt simple bind with real or bogus password */
- rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
- if (rc == LDAP_SUCCESS) {
- DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
- ldap_unbind_ext(ld, NULL, NULL);
- } else {
- NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
- DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
- switch(rc) {
- case LDAP_INVALID_CREDENTIALS:
- nt_status = NT_STATUS_WRONG_PASSWORD;
- break;
- default:
- break;
+ if((success != True) || (got_clear_text_pw == True)) {
+ /* Attempt simple bind with real or bogus password */
+ rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+ if (rc == LDAP_SUCCESS) {
+ DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
+ ldap_unbind_ext(ld, NULL, NULL);
+ } else {
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
+ DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
+ switch(rc) {
+ case LDAP_INVALID_CREDENTIALS:
+ nt_status = NT_STATUS_WRONG_PASSWORD;
+ break;
+ default:
+ break;
+ }
+ return nt_status;
}
- return nt_status;
}
}
More information about the samba-cvs
mailing list