From e277c08631316ccda875a09a67ebb220c495c5a9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 22 Apr 2001 07:20:24 +0000 Subject: Commit of a modified version of Andrew Bartlett's patch that removes the horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568) --- source3/passdb/pass_check.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'source3/passdb/pass_check.c') diff --git a/source3/passdb/pass_check.c b/source3/passdb/pass_check.c index 236465bc90..08961e5099 100644 --- a/source3/passdb/pass_check.c +++ b/source3/passdb/pass_check.c @@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful match is found and is used to update the encrypted password file return True on correct match, False otherwise ****************************************************************************/ + BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, BOOL (*fn) (char *, char *)) { pstring pass2; int level = lp_passwordlevel(); - struct passwd *pass; + struct passwd *pass = NULL; if (password) password[pwlen] = 0; @@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, pass = Get_Pwnam(user, True); } +#ifdef WITH_PAM + + /* + * If we're using PAM we want to short-circuit all the + * checks below and dive straight into the PAM code. + */ + + fstrcpy(this_user, user); + + DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen)); + +#else /* Not using PAM */ - DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen)); + DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); if (!pass) { DEBUG(3, ("Couldn't find user %s\n", user)); @@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd, } } +#endif /* WITH_PAM */ + /* try it as it came to us */ if (password_check(password)) { if (fn) -- cgit