smb_pam_accountcheck returns bad value?

Andrew Bartlett abartlet at pcug.org.au
Fri May 4 12:59:42 GMT 2001 

This raises an important point.  I understand that we want, as a general
rule, to move to NT_STATUS constants internally.  While this is a good
thing, its gradual implementation WILL raise issues like this - the
function will compile perfectly, but have exactly opposite results.

Andrew Bartlett
abartlet at pcug.org.au

Simo Sorce wrote:
> 
> Yes, looking at the 2.2 code password_ok has what you reported, but I'm working on HEAD and it has:
>                if (ret)
>                        return smb_pam_accountcheck(user);
> 
> changed by jra on revision 1.207
> 
> so I was not able to test with head and searched for the problem, I'll change my password_ok and smb_pam_accountcheck accordingly to your code.
> 
> On Fri, May 04, 2001 at 01:01:51PM +1000, Andrew Bartlett wrote:
> > No, we use NT_STATUS constants to allow us to make NT show a meaningful
> > error message on failure.  This is used in the domain logon code, which
> > calls smb_pam_accountcheck.
> >
> > Furthermore the current code in SAMBA_2_2 has this is
> > password.c:password_ok()
> >
> >                 if (ret)
> >                   return (smb_pam_accountcheck(user) ==
> > NT_STATUS_NOPROBLEMO);
> >
> > So I fail to see the bug.
> >
> > Ensure your local tree is up-to-date.
> >
> > Andrew Bartlett
> >
> > Simo Sorce wrote:
> > >
> > > shouldn't smb_pam_accountcheck return true on success?
> > > testing without pam support I've seen that smb_pam_accountcheck
> > > returns NT_STATUS_NOPROBLEMO (0x0) to password_ok instead of true (1)
> > > this will make password validation fail when it should not (password_ok return True on success)
> > >
> > > I've changed it to:
> > >
> > > uint32 smb_pam_accountcheck(char * user)
> > > {
> > >         return True;
> > > }
> > >
> > > to be able to validate users.
> > >
> > > bye.
> > >
> > > --
> > > Simo Sorce
> > > ------------------------------
> > >  Unix IS user friendly, it is just selective about who his friends are.
> >
> > --
> > Andrew Bartlett
> > abartlet at pcug.org.au
> >
> 
> --
> Simo Sorce
> ------------------------------
>  Unix IS user friendly, it is just selective about who his friends are.

-- 
Andrew Bartlett
abartlet at pcug.org.au

More information about the samba-technical mailing list