r12918: Don't tell the user the difference between 'no such user' and 'wrong

password'. Andrew Bartlett (This used to be commit e13cb0ab175069eb670c8b2f57379ababacfcce3)
author: Andrew Bartlett <abartlet@samba.org> 2006-01-13 22:55:23 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:51:02 -0500
commit: 5d9f51064444f6d41f4e4c3766afdd77cd96b9e3 (patch)
tree: 61851b4e3536dca299a9c7478db4c7ecdfba2628 /source4
parent: eed0a95128714b93b9ff484780e5d74fc301be6d (diff)
download: samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.tar.gz
samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.tar.bz2
samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index 5c70b6908b..4c943e6fb3 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -75,6 +75,11 @@ static int ejs_doauth(MprVarHandle eid,
 	user_info->logon_parameters = 0;
 
 	nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+
+	/* Don't give the game away (any difference between no such
+	 * user and wrong password) */
+	nt_status = auth_nt_status_squash(nt_status);
+
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		mprSetPropertyValue(auth, "report", 
 				    mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s",
author	Andrew Bartlett <abartlet@samba.org>	2006-01-13 22:55:23 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:51:02 -0500
commit	5d9f51064444f6d41f4e4c3766afdd77cd96b9e3 (patch)
tree	61851b4e3536dca299a9c7478db4c7ecdfba2628 /source4
parent	eed0a95128714b93b9ff484780e5d74fc301be6d (diff)
download	samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.tar.gz samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.tar.bz2 samba-5d9f51064444f6d41f4e4c3766afdd77cd96b9e3.zip