Move pass_check.c over to NTSTATUS, allowing full NTSTATUS from PAM to wire!

Add the ability for swat to run in non-root-mode (ie non-root from inetd).
 - we still need some of the am_root() calls fixed however.
(This used to be commit 2c2317c56ee13abdbdbc866363c3b52dab826e3c)

1 files changed, 5 insertions, 8 deletions

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index b4356af46e..a8af9b2722 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -390,7 +390,7 @@ static BOOL cgi_handle_authorization(char *line)
 	 * Validate the password they have given.
 	 */
 	
-	if (pass_check(pass, user, user_pass, 
+	if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, 
 		      strlen(user_pass), NULL, False)) {
 		
 		if (pass) {
@@ -398,13 +398,7 @@ static BOOL cgi_handle_authorization(char *line)
 			 * Password was ok.
 			 */
 			
-			if(pass->pw_uid != 0) {
-				/*
-				 * We have not authenticated as root,
-				 * become the user *permanently*.
-				 */
-				become_user_permanently(pass->pw_uid, pass->pw_gid);
-			}
+			become_user_permanently(pass->pw_uid, pass->pw_gid);
 			
 			/* Save the users name */
 			C_user = strdup(user);
@@ -508,6 +502,9 @@ void cgi_setup(char *rootdir, int auth_required)
 				"chdir failed - the server is not configured correctly");
 	}
 
+	/* Handle the possability we might be running as non-root */
+	sec_init();
+
 	/* maybe we are running under a web server */
 	if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
 		if (auth_required) {