Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by

simply not doing Get_Pwnam() calls in pass_check.c

We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter
what it returns.  We also no longer run the password cracker for these logins.

The truly parinod will note the slight difference in call paths, in that we only
call crypt for valid password structs (if not --with-pam).  The truly parinoid
don't run SWAT either, so I don't think this is an issue.

Andrew Bartlett
(This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb)

1 files changed, 10 insertions, 4 deletions

diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index ea32a65457..7c6c58cafa 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -71,13 +71,19 @@ in PLAIN TEXT
 NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
 {
 	NTSTATUS nt_status;
-	
+	struct passwd *pass = NULL;
+
 	become_root();
-	nt_status = (pass_check(user_info->unix_username.str, 
-                                user_info->plaintext_password.str,
+	
+	pass = Get_Pwnam(user_info->unix_username.str, False);
+
+	nt_status = (pass_check(pass,
+				user_info->unix_username.str, 
+				user_info->plaintext_password.str,
 				user_info->plaintext_password.len,
 				lp_update_encrypted() ? 
-                                update_smbpassword_file : NULL) 
+				update_smbpassword_file : NULL,
+				True) 
 		     ? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
 	unbecome_root();