authorAndrew Bartlett <abartlet@samba.org>2001-09-19 05:26:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-19 05:26:11 +0000
commit6adafe50d4a9a75a6fe1f666232e0af1ac717513 (patch)
treee29f4759588fadfc5c81d6674f91d3568556c726 /source3/web
parent2309cd7f6415e2908f25c73440e49818bd426de0 (diff)
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by
simply not doing Get_Pwnam() calls in pass_check.c. We now make *one* sys_getpwnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly paranoid will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly paranoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb)
Diffstat (limited to 'source3/web')
-rw-r--r--source3/web/cgi.c71
1 files changed, 24 insertions, 47 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 3547379084..b4356af46e 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -362,14 +362,6 @@ static BOOL cgi_handle_authorization(char *line)
{
char *p, *user, *user_pass;
struct passwd *pass = NULL;
- BOOL got_name = False;
- BOOL tested_pass = False;
- fstring default_user_lookup;
- fstring default_user_pass;
-
- /* Dummy user lookup to take the same time as a valid user. */
- fstrcpy(default_user_lookup, "zzzz bibble");
- fstrcpy(default_user_pass, "123456789");
if (strncasecmp(line,"Basic ", 6)) {
goto err;
@@ -387,55 +379,40 @@ static BOOL cgi_handle_authorization(char *line)
*p = 0;
user = line;
user_pass = p+1;
-
+
/*
* Try and get the user from the UNIX password file.
*/
-
- if(!(pass = Get_Pwnam(user,False))) {
- /*
- * Always give the same error so a cracker
- * cannot tell why we fail.
- */
- got_name = True;
- goto err;
- }
-
+
+ pass = sys_getpwnam(user);
+
/*
* Validate the password they have given.
*/
-
- tested_pass = True;
-
- if(pass_check(user, user_pass, strlen(user_pass), NULL) == True) {
-
- /*
- * Password was ok.
- */
-
- if(pass->pw_uid != 0) {
+
+ if (pass_check(pass, user, user_pass,
+ strlen(user_pass), NULL, False)) {
+
+ if (pass) {
/*
- * We have not authenticated as root,
- * become the user *permanently*.
+ * Password was ok.
*/
- become_user_permanently(pass->pw_uid, pass->pw_gid);
+
+ if(pass->pw_uid != 0) {
+ /*
+ * We have not authenticated as root,
+ * become the user *permanently*.
+ */
+ become_user_permanently(pass->pw_uid, pass->pw_gid);
+ }
+
+ /* Save the users name */
+ C_user = strdup(user);
+ return True;
}
-
- /* Save the users name */
- C_user = strdup(user);
- return True;
}
-
- err:
-
- /* Always take the same time. */
- if (!got_name)
- Get_Pwnam(default_user_lookup,False);
-
- if (!tested_pass)
- pass_check(default_user_lookup, default_user_pass,
- strlen(default_user_pass), NULL);
-
+
+err:
cgi_setup_error("401 Bad Authorization", "",
"username or password incorrect");
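Review bot: `pass->pw_uid` and `pass->pw_gid` are read only after `pass_check()` returns, and if `sys_getpwnam()` returns libc's static `struct passwd` (its definition is not in this hunk), any passwd lookup made inside `pass_check()` or a PAM module may overwrite that buffer before `become_user_permanently()` uses it. Copying the ids right after the lookup, e.g. `if (pass) { uid = pass->pw_uid; gid = pass->pw_gid; }`, and passing those copies to `become_user_permanently()` removes that dependency. The nesting also deserves a comment such as `/* pass_check() runs even when pass is NULL so unknown users take the same path; do not fold into if (pass && ...) */`, since that ordering appears to be what replaces the removed dummy lookup. `C_user = strdup(user)` is still unchecked, so `return True` can be reached with a NULL `C_user`. The function begins before this hunk and its tail after `cgi_setup_error()` is outside it.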