diff options
author | Jeremy Allison <jra@samba.org> | 2005-03-16 00:26:57 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:03 -0500 |
commit | 91d355772fddd453d5f2c67641fb42cc717f82f2 (patch) | |
tree | 2071f691eb8ce69aa2511a549f53141fe2eb07da /source3 | |
parent | 55f480b009a577d47dd7ea430607a91db858485f (diff) | |
download | samba-91d355772fddd453d5f2c67641fb42cc717f82f2.tar.gz samba-91d355772fddd453d5f2c67641fb42cc717f82f2.tar.bz2 samba-91d355772fddd453d5f2c67641fb42cc717f82f2.zip |
r5817: Patch from Vince Brimhall <vbrimhall@novell.com> to change the way pdb_nds
handles users with no Universal or Simple Password. Bug #2453.
Jeremy.
(This used to be commit 0976793e3022254c31bda0fe3c49f864514c8d4c)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/pdb_nds.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c index 4d91b5b867..06060d4067 100644 --- a/source3/passdb/pdb_nds.c +++ b/source3/passdb/pdb_nds.c @@ -764,6 +764,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods, char protocol[12]; char ldap_server[256]; const char *username = pdb_get_username(sam_acct); + BOOL got_clear_text_pw = False; DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n", success ? "Successful" : "Failed", username)); @@ -795,7 +796,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods, pwd_len = sizeof(clear_text_pw); if (success == True) { if (pdb_nds_get_password(ldap_state->smbldap_state, dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) { - /* */ + /* Got clear text password. Use simple ldap bind */ + got_clear_text_pw = True; } } else { generate_random_buffer(clear_text_pw, 24); @@ -849,22 +851,24 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods, } } - /* Attempt simple bind with real or bogus password */ - rc = ldap_simple_bind_s(ld, dn, clear_text_pw); - if (rc == LDAP_SUCCESS) { - DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username)); - ldap_unbind_ext(ld, NULL, NULL); - } else { - NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION; - DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username)); - switch(rc) { - case LDAP_INVALID_CREDENTIALS: - nt_status = NT_STATUS_WRONG_PASSWORD; - break; - default: - break; + if((success != True) || (got_clear_text_pw == True)) { + /* Attempt simple bind with real or bogus password */ + rc = ldap_simple_bind_s(ld, dn, clear_text_pw); + if (rc == LDAP_SUCCESS) { + DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username)); + ldap_unbind_ext(ld, NULL, NULL); + } else { + NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION; + DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username)); + switch(rc) { + case LDAP_INVALID_CREDENTIALS: + nt_status = NT_STATUS_WRONG_PASSWORD; + break; + default: + break; + } + return nt_status; } - return nt_status; } } |