From 5d9f51064444f6d41f4e4c3766afdd77cd96b9e3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 13 Jan 2006 22:55:23 +0000
Subject: r12918: Don't tell the user the difference between 'no such user' and 'wrong password'. Andrew Bartlett (This used to be commit e13cb0ab175069eb670c8b2f57379ababacfcce3)
---
 source4/scripting/ejs/smbcalls_auth.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'source4')
diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index 5c70b6908b..4c943e6fb3 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -75,6 +75,11 @@ static int ejs_doauth(MprVarHandle eid,
 user_info->logon_parameters = 0;
 nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+
+ /* Don't give the game away (any difference between no such
+ * user and wrong password) */
+ nt_status = auth_nt_status_squash(nt_status);
+
 if (!NT_STATUS_IS_OK(nt_status)) {
 mprSetPropertyValue(auth, "report", mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s",
-- cgit
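Review bot: The added `nt_status = auth_nt_status_squash(nt_status);` overwrites the only copy of the real result, so after this line nothing in ejs_doauth can record server-side whether a failure was an unknown user or a bad password, which is the distinction an operator needs when investigating guessing attempts. Unless auth_check_password() already logs the outcome (not visible here), log the unsquashed value just before the squash, for example `DEBUG(3, ("ejs_doauth: auth_check_password returned %s\n", nt_errstr(nt_status)));`. The squashed status still feeds the "Login Failed: %s" report, whose argument lies outside the hunk. If the helper folds only the two cases named in the comment, other statuses such as a disabled or locked-out account would presumably still reach the user and confirm that the account exists, so it is worth checking whether the report should carry a fixed message instead. ejs_doauth starts and ends outside the hunk.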