diff options
| author | Jeremy Allison <jra@samba.org> | 2001-04-22 07:20:24 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-04-22 07:20:24 +0000 |
| commit | e277c08631316ccda875a09a67ebb220c495c5a9 (patch) | |
| tree | ee9941fd02f0d9e551691de1719eb0a2205fb81b /source3/auth/pass_check.c | |
| parent | 130f31f5713d43ea2f237cfe0fc142a171eeb82f (diff) | |
| download | samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.gz samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.bz2 samba-e277c08631316ccda875a09a67ebb220c495c5a9.zip | |
Commit of a modified version of Andrew Bartlett's patch that removes the
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
(This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
Diffstat (limited to 'source3/auth/pass_check.c')
| -rw-r--r-- | source3/auth/pass_check.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 236465bc90..08961e5099 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful match is found and is used to update the encrypted password file return True on correct match, False otherwise ****************************************************************************/ + BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, BOOL (*fn) (char *, char *)) { pstring pass2; int level = lp_passwordlevel(); - struct passwd *pass; + struct passwd *pass = NULL; if (password) password[pwlen] = 0; @@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, pass = Get_Pwnam(user, True); } +#ifdef WITH_PAM + + /* + * If we're using PAM we want to short-circuit all the + * checks below and dive straight into the PAM code. + */ + + fstrcpy(this_user, user); + + DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen)); + +#else /* Not using PAM */ - DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen)); + DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); if (!pass) { DEBUG(3, ("Couldn't find user %s\n", user)); @@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, } } +#endif /* WITH_PAM */ + /* try it as it came to us */ if (password_check(password)) { if (fn) |