diff options
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_unix.c | 14 | ||||
| -rw-r--r-- | source3/auth/pass_check.c | 11 |
2 files changed, 16 insertions, 9 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index ea32a65457..7c6c58cafa 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -71,13 +71,19 @@ in PLAIN TEXT NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { NTSTATUS nt_status; - + struct passwd *pass = NULL; + become_root(); - nt_status = (pass_check(user_info->unix_username.str, - user_info->plaintext_password.str, + + pass = Get_Pwnam(user_info->unix_username.str, False); + + nt_status = (pass_check(pass, + user_info->unix_username.str, + user_info->plaintext_password.str, user_info->plaintext_password.len, lp_update_encrypted() ? - update_smbpassword_file : NULL) + update_smbpassword_file : NULL, + True) ? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE); unbecome_root(); diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 59fc9e2eac..7426bfcbe3 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -682,12 +682,11 @@ match is found and is used to update the encrypted password file return True on correct match, False otherwise ****************************************************************************/ -BOOL pass_check(char *user, char *password, int pwlen, - BOOL (*fn) (char *, char *)) +BOOL pass_check(struct passwd *pass, char *user, char *password, int pwlen, + BOOL (*fn) (char *, char *), BOOL run_cracker) { pstring pass2; int level = lp_passwordlevel(); - struct passwd *pass = NULL; if (password) password[pwlen] = 0; @@ -702,8 +701,6 @@ BOOL pass_check(char *user, char *password, int pwlen, if (((!*password) || (!pwlen)) && !lp_null_passwords()) return (False); - pass = Get_Pwnam(user, True); - #ifdef WITH_PAM /* @@ -819,6 +816,10 @@ BOOL pass_check(char *user, char *password, int pwlen, return (True); } + if (!run_cracker) { + return False; + } + /* if the password was given to us with mixed case then we don't need to proceed as we know it hasn't been case modified by the client */ |