summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-03-16 00:26:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:03 -0500
commit91d355772fddd453d5f2c67641fb42cc717f82f2 (patch)
tree2071f691eb8ce69aa2511a549f53141fe2eb07da /source3/passdb
parent55f480b009a577d47dd7ea430607a91db858485f (diff)
downloadsamba-91d355772fddd453d5f2c67641fb42cc717f82f2.tar.gz
samba-91d355772fddd453d5f2c67641fb42cc717f82f2.tar.bz2
samba-91d355772fddd453d5f2c67641fb42cc717f82f2.zip
r5817: Patch from Vince Brimhall <vbrimhall@novell.com> to change the way pdb_nds
handles users with no Universal or Simple Password. Bug #2453. Jeremy. (This used to be commit 0976793e3022254c31bda0fe3c49f864514c8d4c)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_nds.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c
index 4d91b5b867..06060d4067 100644
--- a/source3/passdb/pdb_nds.c
+++ b/source3/passdb/pdb_nds.c
@@ -764,6 +764,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
char protocol[12];
char ldap_server[256];
const char *username = pdb_get_username(sam_acct);
+ BOOL got_clear_text_pw = False;
DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
success ? "Successful" : "Failed", username));
@@ -795,7 +796,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
pwd_len = sizeof(clear_text_pw);
if (success == True) {
if (pdb_nds_get_password(ldap_state->smbldap_state, dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
- /* */
+ /* Got clear text password. Use simple ldap bind */
+ got_clear_text_pw = True;
}
} else {
generate_random_buffer(clear_text_pw, 24);
@@ -849,22 +851,24 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
}
}
- /* Attempt simple bind with real or bogus password */
- rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
- if (rc == LDAP_SUCCESS) {
- DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
- ldap_unbind_ext(ld, NULL, NULL);
- } else {
- NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
- DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
- switch(rc) {
- case LDAP_INVALID_CREDENTIALS:
- nt_status = NT_STATUS_WRONG_PASSWORD;
- break;
- default:
- break;
+ if((success != True) || (got_clear_text_pw == True)) {
+ /* Attempt simple bind with real or bogus password */
+ rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+ if (rc == LDAP_SUCCESS) {
+ DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
+ ldap_unbind_ext(ld, NULL, NULL);
+ } else {
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
+ DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
+ switch(rc) {
+ case LDAP_INVALID_CREDENTIALS:
+ nt_status = NT_STATUS_WRONG_PASSWORD;
+ break;
+ default:
+ break;
+ }
+ return nt_status;
}
- return nt_status;
}
}