summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_unix.c14
-rw-r--r--source3/auth/pass_check.c11
2 files changed, 16 insertions, 9 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index ea32a65457..7c6c58cafa 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -71,13 +71,19 @@ in PLAIN TEXT
NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
NTSTATUS nt_status;
-
+ struct passwd *pass = NULL;
+
become_root();
- nt_status = (pass_check(user_info->unix_username.str,
- user_info->plaintext_password.str,
+
+ pass = Get_Pwnam(user_info->unix_username.str, False);
+
+ nt_status = (pass_check(pass,
+ user_info->unix_username.str,
+ user_info->plaintext_password.str,
user_info->plaintext_password.len,
lp_update_encrypted() ?
- update_smbpassword_file : NULL)
+ update_smbpassword_file : NULL,
+ True)
? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
unbecome_root();
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 59fc9e2eac..7426bfcbe3 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -682,12 +682,11 @@ match is found and is used to update the encrypted password file
return True on correct match, False otherwise
****************************************************************************/
-BOOL pass_check(char *user, char *password, int pwlen,
- BOOL (*fn) (char *, char *))
+BOOL pass_check(struct passwd *pass, char *user, char *password, int pwlen,
+ BOOL (*fn) (char *, char *), BOOL run_cracker)
{
pstring pass2;
int level = lp_passwordlevel();
- struct passwd *pass = NULL;
if (password)
password[pwlen] = 0;
@@ -702,8 +701,6 @@ BOOL pass_check(char *user, char *password, int pwlen,
if (((!*password) || (!pwlen)) && !lp_null_passwords())
return (False);
- pass = Get_Pwnam(user, True);
-
#ifdef WITH_PAM
/*
@@ -819,6 +816,10 @@ BOOL pass_check(char *user, char *password, int pwlen,
return (True);
}
+ if (!run_cracker) {
+ return False;
+ }
+
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */