authorSamba Release Account <samba-bugs@samba.org>1997-02-04 10:35:38 +0000
committerSamba Release Account <samba-bugs@samba.org>1997-02-04 10:35:38 +0000
commitcc55a88ddc9c08cc669da731e9f7aafc379680ee (patch)
tree7f6e15d85ff5c3b29cf48b17a94f83410a2a2286
parent1fe69a7dd9311e211f05ebba45ec574ded35ca89 (diff)
JHT ===> Fixed potential PAM Security hole and second chance syndrome
spurious warning message "Warning - no crypt available" (This used to be commit dc559428b85474ff4d80f37f421365a3910a8861)
-rw-r--r--source3/smbd/password.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 8c1a1026cc..3ccc1e4cfd 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -612,7 +612,16 @@ BOOL password_check(char *password)
{
#ifdef USE_PAM
+/* This falls through if the password check fails
+ - if NO_CRYPT is defined this causes an error msg
+ saying Warning - no crypt available
+ - if NO_CRYPT is NOT defined this is a potential security hole
+ as it may authenticate via the crypt call when PAM
+ settings say it should fail.
if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+ return (pam_auth(this_user,password));
#endif
#ifdef AFS_AUTH
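Review bot: The comment above the new `return (pam_auth(this_user,password));` still carries the old `if (pam_auth(this_user,password)) return(True);` statement in its middle, so a reader skimming the USE_PAM block can take the fall-through line for live code. I would drop the dead statement and state the decision directly, e.g. `/* PAM is authoritative: return its verdict and never fall back to crypt() or another backend. */`. With the unconditional return, the AFS_AUTH block that follows is unreachable whenever USE_PAM is defined, and so presumably is everything later in password_check, whose body continues outside this hunk. Turning the `#endif` that closes USE_PAM into `#else` and closing it after the last remaining backend would make that fail-closed behaviour explicit at compile time and make it harder for a later edit to restore the second chance.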