diff options
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth.c | 12 | ||||
-rw-r--r-- | source3/auth/auth_domain.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 8 |
3 files changed, 16 insertions, 7 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 25b856cd57..c50fc1a9b7 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -269,9 +269,15 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } talloc_destroy(mem_ctx); - - if (NT_STATUS_IS_OK(nt_status)) - break; + + /* this sucks. Somehow we have to know if an authentication module is + authoritative for a user. Fixme!!! --jerry */ + + if ( NT_STATUS_IS_OK(nt_status) || + NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_WRONG_PASSWORD) ) + { + break; + } } if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 84453ac3b5..39ec864f75 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -346,6 +346,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, user_info->lm_resp, user_info->nt_resp, &info3); + release_server_mutex(); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("domain_client_validate: unable to validate password " "for user %s in domain %s to Domain controller %s. " @@ -386,7 +388,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, cli_nt_session_close(cli); cli_ulogoff(cli); cli_shutdown(cli); - release_server_mutex(); return nt_status; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index fe4900f9f4..71fdb0050b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1031,15 +1031,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - /* now that we have a SAM_ACCOUNT that looks real, make a server_info - to wrap it in, and use pass it on down */ - if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info))) { DEBUG(4, ("make_server_info failed!\n")); pdb_free_sam(&sam_account); return nt_status; } + /* save this here to _net_sam_logon() doesn't fail (it assumes a + valid SAM_ACCOUNT) */ + + (*server_info)->sam_account = sam_account; + /* Fill in the unix info we found on the way */ (*server_info)->sam_fill_level = SAM_FILL_ALL; |