author | Samba Release Account <samba-bugs@samba.org> | 1997-02-04 10:35:38 +0000 |
---|---|---|
committer | Samba Release Account <samba-bugs@samba.org> | 1997-02-04 10:35:38 +0000 |
commit | cc55a88ddc9c08cc669da731e9f7aafc379680ee (patch) | |
tree | 7f6e15d85ff5c3b29cf48b17a94f83410a2a2286 | |
parent | 1fe69a7dd9311e211f05ebba45ec574ded35ca89 (diff) | |
JHT ===> Fixed potential PAM Security hole and second chance syndrome
spurious warning message "Warning - no crypt available"
(This used to be commit dc559428b85474ff4d80f37f421365a3910a8861)
-rw-r--r-- | source3/smbd/password.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 8c1a1026cc..3ccc1e4cfd 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -612,7 +612,16 @@ BOOL password_check(char *password)
 {
 #ifdef USE_PAM
+/* This falls through if the password check fails
+ - if NO_CRYPT is defined this causes an error msg
+ saying Warning - no crypt available
+ - if NO_CRYPT is NOT defined this is a potential security hole
+ as it may authenticate via the crypt call when PAM
+ settings say it should fail.
 if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+ return (pam_auth(this_user,password));
 #endif
 #ifdef AFS_AUTH |
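Review bot: With USE_PAM defined, the new unconditional `return (pam_auth(this_user,password));` makes everything after the `#endif` in password_check unreachable, including the `#ifdef AFS_AUTH` block at the end of the hunk, so a build that defines both would never try AFS. Failing closed on a PAM rejection is the right behaviour, but it currently depends on dead code staying dead. It would be more robust to make it structural, for example by turning this `#endif` into `#else` and closing it at the end of the function, so a later edit cannot reintroduce the fallthrough to crypt(). The rest of the function lies outside this hunk, so that restructuring needs checking against the full body. The comment also keeps the old statement `if (pam_auth(this_user,password)) return(True);` in the middle of its prose; I would drop it and shorten the comment to `/* PAM is authoritative: a failed PAM check must not fall through to crypt() or any later backend. */`.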