svn commit: samba r12918 - in
branches/SAMBA_4_0/source/scripting/ejs: .
abartlet at samba.org
abartlet at samba.org
Fri Jan 13 22:55:23 GMT 2006
Author: abartlet
Date: 2006-01-13 22:55:23 +0000 (Fri, 13 Jan 2006)
New Revision: 12918
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12918
Log:
Don't tell the user the difference between 'no such user' and 'wrong
password'.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/ejs/smbcalls_auth.c
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_auth.c
===================================================================
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_auth.c 2006-01-13 22:48:08 UTC (rev 12917)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_auth.c 2006-01-13 22:55:23 UTC (rev 12918)
@@ -75,6 +75,11 @@
user_info->logon_parameters = 0;
nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+
+ /* Don't give the game away (any difference between no such
+ * user and wrong password) */
+ nt_status = auth_nt_status_squash(nt_status);
+
if (!NT_STATUS_IS_OK(nt_status)) {
mprSetPropertyValue(auth, "report",
mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s",
More information about the samba-cvs
mailing list