summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-04-22 07:20:24 +0000
committerJeremy Allison <jra@samba.org>2001-04-22 07:20:24 +0000
commite277c08631316ccda875a09a67ebb220c495c5a9 (patch)
treeee9941fd02f0d9e551691de1719eb0a2205fb81b /source3/smbd/password.c
parent130f31f5713d43ea2f237cfe0fc142a171eeb82f (diff)
downloadsamba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.gz
samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.bz2
samba-e277c08631316ccda875a09a67ebb220c495c5a9.zip
Commit of a modified version of Andrew Bartlett's patch that removes the
horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r--source3/smbd/password.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6c0fe79845..698c6a1356 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -606,24 +606,33 @@ return True if the password is correct, False otherwise
****************************************************************************/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
+ BOOL ret;
+
if ((pwlen == 0) && !lp_null_passwords()) {
DEBUG(4,("Null passwords not allowed.\n"));
return False;
}
- if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
- {
+ if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
/* if 24 bytes long assume it is an encrypted password */
uchar challenge[8];
- if (!last_challenge(challenge))
- {
+ if (!last_challenge(challenge)) {
DEBUG(0,("Error: challenge not done for user=%s\n", user));
return False;
}
- return pass_check_smb(user, global_myworkgroup,
+ ret = pass_check_smb(user, global_myworkgroup,
challenge, (uchar *)password, (uchar *)password, pwd);
+
+ /*
+ * Try with PAM (may not be compiled in - returns True if not. JRA).
+ * FIXME ! Should this be called if we're using winbindd ? What about
+ * non-local accounts ? JRA.
+ */
+
+ if (ret)
+ return pam_accountcheck(user);
}
return pass_check(user, password, pwlen, pwd,