diff options
author | Jeremy Allison <jra@samba.org> | 2001-04-22 07:20:24 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-04-22 07:20:24 +0000 |
commit | e277c08631316ccda875a09a67ebb220c495c5a9 (patch) | |
tree | ee9941fd02f0d9e551691de1719eb0a2205fb81b /source3/smbd/password.c | |
parent | 130f31f5713d43ea2f237cfe0fc142a171eeb82f (diff) | |
download | samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.gz samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.bz2 samba-e277c08631316ccda875a09a67ebb220c495c5a9.zip |
Commit of a modified version of Andrew Bartlett's patch that removes the
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
(This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r-- | source3/smbd/password.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 6c0fe79845..698c6a1356 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -606,24 +606,33 @@ return True if the password is correct, False otherwise ****************************************************************************/ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd) { + BOOL ret; + if ((pwlen == 0) && !lp_null_passwords()) { DEBUG(4,("Null passwords not allowed.\n")); return False; } - if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) - { + if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) { /* if 24 bytes long assume it is an encrypted password */ uchar challenge[8]; - if (!last_challenge(challenge)) - { + if (!last_challenge(challenge)) { DEBUG(0,("Error: challenge not done for user=%s\n", user)); return False; } - return pass_check_smb(user, global_myworkgroup, + ret = pass_check_smb(user, global_myworkgroup, challenge, (uchar *)password, (uchar *)password, pwd); + + /* + * Try with PAM (may not be compiled in - returns True if not. JRA). + * FIXME ! Should this be called if we're using winbindd ? What about + * non-local accounts ? JRA. + */ + + if (ret) + return pam_accountcheck(user); } return pass_check(user, password, pwlen, pwd, |