summaryrefslogtreecommitdiff
path: root/source3/passdb/pampass.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb/pampass.c')
-rw-r--r--source3/passdb/pampass.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/source3/passdb/pampass.c b/source3/passdb/pampass.c
index f91f472603..9f4a8f57b9 100644
--- a/source3/passdb/pampass.c
+++ b/source3/passdb/pampass.c
@@ -350,11 +350,17 @@ static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty,
/*
* PAM Externally accessible Session handler
*/
+
BOOL smb_pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
char * user;
+ /* Ignore PAM if told to. */
+
+ if (!lp_obey_pam_restrictions())
+ return True;
+
user = strdup(in_user);
if ( user == NULL ) {
DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
@@ -382,6 +388,11 @@ BOOL smb_pam_accountcheck(char * user)
PAM_username = user;
PAM_password = NULL;
+ /* Ignore PAM if told to. */
+
+ if (!lp_obey_pam_restrictions())
+ return True;
+
if( smb_pam_start(&pamh, user, NULL)) {
if ( smb_pam_account(pamh, user, NULL, False)) {
return( smb_pam_end(pamh));
@@ -401,6 +412,12 @@ BOOL smb_pam_passcheck(char * user, char * password)
PAM_username = user;
PAM_password = password;
+ /*
+ * Note we can't ignore PAM here as this is the only
+ * way of doing auths on plaintext passwords when
+ * compiled --with-pam.
+ */
+
if( smb_pam_start(&pamh, user, NULL)) {
if ( smb_pam_auth(pamh, user, password)) {
if ( smb_pam_account(pamh, user, password, True)) {
generated by cgit (git 2.34.1) at 2024-07-10 05:52:29 +0000