svn commit: samba r5818 - in trunk/source/passdb: .

[jra at samba.org]

Author: jra
Date: 2005-03-16 00:27:04 +0000 (Wed, 16 Mar 2005)
New Revision: 5818

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5818

Log:
Patch from Vince Brimhall <vbrimhall at novell.com> to change the way pdb_nds
handles users with no Universal or Simple Password. Bug #2453.
Jeremy.

Modified:
   trunk/source/passdb/pdb_nds.c


Changeset:
Modified: trunk/source/passdb/pdb_nds.c
===================================================================
--- trunk/source/passdb/pdb_nds.c	2005-03-16 00:26:57 UTC (rev 5817)
+++ trunk/source/passdb/pdb_nds.c	2005-03-16 00:27:04 UTC (rev 5818)
@@ -765,6 +765,7 @@
 		char protocol[12];
 		char ldap_server[256];
 		const char *username = pdb_get_username(sam_acct);
+		BOOL got_clear_text_pw = False;
 
 		DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
 				success ? "Successful" : "Failed", username));
@@ -796,7 +797,8 @@
 		pwd_len = sizeof(clear_text_pw);
 		if (success == True) {
 			if (pdb_nds_get_password(ldap_state->smbldap_state, dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
-				/*  */
+				/* Got clear text password. Use simple ldap bind */
+				got_clear_text_pw = True;
 			}
 		} else {
 			generate_random_buffer(clear_text_pw, 24);
@@ -850,22 +852,24 @@
 			}
 		}
 
-		/* Attempt simple bind with real or bogus password */
-		rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
-		if (rc == LDAP_SUCCESS) {
-			DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
-			ldap_unbind_ext(ld, NULL, NULL);
-		} else {
-			NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
-			DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
-			switch(rc) {
-				case LDAP_INVALID_CREDENTIALS:
-					nt_status = NT_STATUS_WRONG_PASSWORD;
-					break;
-				default:
-					break;
+		if((success != True) || (got_clear_text_pw == True)) {
+			/* Attempt simple bind with real or bogus password */
+			rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+			if (rc == LDAP_SUCCESS) {
+				DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
+				ldap_unbind_ext(ld, NULL, NULL);
+			} else {
+				NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
+				DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
+				switch(rc) {
+					case LDAP_INVALID_CREDENTIALS:
+						nt_status = NT_STATUS_WRONG_PASSWORD;
+						break;
+					default:
+						break;
+				}
+				return nt_status;
 			}
-			return nt_status;
 		}
 	}