summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-09-19 05:26:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-19 05:26:11 +0000
commit6adafe50d4a9a75a6fe1f666232e0af1ac717513 (patch)
treee29f4759588fadfc5c81d6674f91d3568556c726 /source3/auth
parent2309cd7f6415e2908f25c73440e49818bd426de0 (diff)
downloadsamba-6adafe50d4a9a75a6fe1f666232e0af1ac717513.tar.gz
samba-6adafe50d4a9a75a6fe1f666232e0af1ac717513.tar.bz2
samba-6adafe50d4a9a75a6fe1f666232e0af1ac717513.zip
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by
simply not doing Get_Pwnam() calls in pass_check.c We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_unix.c14
-rw-r--r--source3/auth/pass_check.c11
2 files changed, 16 insertions, 9 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index ea32a65457..7c6c58cafa 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -71,13 +71,19 @@ in PLAIN TEXT
NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
NTSTATUS nt_status;
-
+ struct passwd *pass = NULL;
+
become_root();
- nt_status = (pass_check(user_info->unix_username.str,
- user_info->plaintext_password.str,
+
+ pass = Get_Pwnam(user_info->unix_username.str, False);
+
+ nt_status = (pass_check(pass,
+ user_info->unix_username.str,
+ user_info->plaintext_password.str,
user_info->plaintext_password.len,
lp_update_encrypted() ?
- update_smbpassword_file : NULL)
+ update_smbpassword_file : NULL,
+ True)
? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
unbecome_root();
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 59fc9e2eac..7426bfcbe3 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -682,12 +682,11 @@ match is found and is used to update the encrypted password file
return True on correct match, False otherwise
****************************************************************************/
-BOOL pass_check(char *user, char *password, int pwlen,
- BOOL (*fn) (char *, char *))
+BOOL pass_check(struct passwd *pass, char *user, char *password, int pwlen,
+ BOOL (*fn) (char *, char *), BOOL run_cracker)
{
pstring pass2;
int level = lp_passwordlevel();
- struct passwd *pass = NULL;
if (password)
password[pwlen] = 0;
@@ -702,8 +701,6 @@ BOOL pass_check(char *user, char *password, int pwlen,
if (((!*password) || (!pwlen)) && !lp_null_passwords())
return (False);
- pass = Get_Pwnam(user, True);
-
#ifdef WITH_PAM
/*
@@ -819,6 +816,10 @@ BOOL pass_check(char *user, char *password, int pwlen,
return (True);
}
+ if (!run_cracker) {
+ return False;
+ }
+
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */