summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-09-25 11:34:31 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-09-25 11:34:31 +0000
commit82102d9c99f9b255d6262553187642e9637e4670 (patch)
tree4fbf42bfe846f73e020b94549a38e2637bb6ee90 /source3/passdb/passdb.c
parent8df2ac63f067e7d11959497a09ff4dd00e8087f7 (diff)
downloadsamba-82102d9c99f9b255d6262553187642e9637e4670.tar.gz
samba-82102d9c99f9b255d6262553187642e9637e4670.tar.bz2
samba-82102d9c99f9b255d6262553187642e9637e4670.zip
This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans up
pdb_ldap and adds a 'ldap passwd sync' option. The idea with this option is to do allow an ldap backend to do all the fancy password hashing etc - and to tell smbd no to try and double-up. Using 'ldap passwd sync = only' will do this, but is not recommended unless such a backend is in place... Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd sync = yes' and having both PAM and pam_ldap correctly configured for 'magic root' behaviour, but only using ldap connection, and one set of credentials. This also gets us closer to allowing ldap to say 'password too short' etc, which might assist in maintaining a consistant password policy. Andrew Bartlett (This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r--source3/passdb/passdb.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 05450c9f2f..e0f0cce67f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -75,11 +75,19 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user)
user->private.workstations = "";
user->private.unknown_str = "";
user->private.munged_dial = "";
+
+ user->private.plaintext_pw = NULL;
+
}
static void destroy_pdb_talloc(SAM_ACCOUNT **user)
{
if (*user) {
+ data_blob_clear_free(&((*user)->private.lm_pw));
+ data_blob_clear_free(&((*user)->private.nt_pw));
+
+ if((*user)->private.plaintext_pw!=NULL)
+ memset((*user)->private.plaintext_pw,'\0',strlen((*user)->private.plaintext_pw));
talloc_destroy((*user)->mem_ctx);
*user = NULL;
}
@@ -310,7 +318,8 @@ static void pdb_free_sam_contents(SAM_ACCOUNT *user)
data_blob_clear_free(&(user->private.lm_pw));
data_blob_clear_free(&(user->private.nt_pw));
- data_blob_clear_free(&(user->private.plaintext_pw));
+ if (user->private.plaintext_pw!=NULL)
+ memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
}