r5817: Patch from Vince Brimhall <vbrimhall@novell.com> to change the way pdb_nds
authorJeremy Allison <jra@samba.org>
Wed, 16 Mar 2005 00:26:57 +0000 (00:26 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:56:03 +0000 (10:56 -0500)
handles users with no Universal or Simple Password. Bug #2453.
Jeremy.

source/passdb/pdb_nds.c

index 4d91b5b867212776547a8f3f72b7af5b4dc667b5..06060d4067a06fc2b10d2eb38a27022ec8c8b6f2 100644 (file)
@@ -764,6 +764,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                char protocol[12];
                char ldap_server[256];
                const char *username = pdb_get_username(sam_acct);
+               BOOL got_clear_text_pw = False;
 
                DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
                                success ? "Successful" : "Failed", username));
@@ -795,7 +796,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                pwd_len = sizeof(clear_text_pw);
                if (success == True) {
                        if (pdb_nds_get_password(ldap_state->smbldap_state, dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
-                               /*  */
+                               /* Got clear text password. Use simple ldap bind */
+                               got_clear_text_pw = True;
                        }
                } else {
                        generate_random_buffer(clear_text_pw, 24);
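Review bot: Every non-success return from `pdb_nds_get_password()` is folded into `got_clear_text_pw == False` without a log line, so a user who really has no Universal or Simple Password cannot be told apart from a lookup that failed for another reason, such as a connection error or insufficient rights. I would keep the return code and add an else branch such as `DEBUG(3,("pdb_nds_update_login_attempts: no clear text password for %s (rc=%d)\n", username, rc));`. It is also worth treating a zero-length result as "no password" before setting the flag, because a simple bind with an empty password is an unauthenticated bind on many LDAP servers and can report success; whether `pdb_nds_get_password()` can return that is not visible here. From this point `clear_text_pw` holds the user's clear-text password, and the hunk does not show whether it is wiped before return, since the function body starts and ends outside the hunk.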
@@ -849,22 +851,24 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                        }
                }
 
-               /* Attempt simple bind with real or bogus password */
-               rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
-               if (rc == LDAP_SUCCESS) {
-                       DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
-                       ldap_unbind_ext(ld, NULL, NULL);
-               } else {
-                       NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
-                       DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
-                       switch(rc) {
-                               case LDAP_INVALID_CREDENTIALS:
-                                       nt_status = NT_STATUS_WRONG_PASSWORD;
-                                       break;
-                               default:
-                                       break;
+               if((success != True) || (got_clear_text_pw == True)) {
+                       /* Attempt simple bind with real or bogus password */
+                       rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+                       if (rc == LDAP_SUCCESS) {
+                               DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
+                               ldap_unbind_ext(ld, NULL, NULL);
+                       } else {
+                               NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
+                               DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
+                               switch(rc) {
+                                       case LDAP_INVALID_CREDENTIALS:
+                                               nt_status = NT_STATUS_WRONG_PASSWORD;
+                                               break;
+                                       default:
+                                               break;
+                               }
+                               return nt_status;
                        }
-                       return nt_status;
                }
        }
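Review bot: With the new guard `if((success != True) || (got_clear_text_pw == True))`, a successful login for a user whose password could not be retrieved no longer performs the directory bind at all. Whatever the bind result was enforcing (the `NT_STATUS_ACCOUNT_RESTRICTION` default on failure) therefore appears to go unchecked for those accounts, and nothing is logged. A comment stating that this is intentional, plus a `DEBUG(5, ...)` line in an else branch, would make the skipped check visible to anyone auditing login behaviour. Separately, `ld` is released with `ldap_unbind_ext(ld, NULL, NULL)` only after a successful bind: the failure branch returns `nt_status` without unbinding, and the skipped path does not unbind within this hunk. Unless the handle is freed after the hunk (the function continues past it), add `ldap_unbind_ext(ld, NULL, NULL);` before `return nt_status;` and in the else branch.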