From e277c08631316ccda875a09a67ebb220c495c5a9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 22 Apr 2001 07:20:24 +0000 Subject: Commit of a modified version of Andrew Bartlett's patch that removes the horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568) --- source3/smbd/password.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'source3/smbd/password.c') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 6c0fe79845..698c6a1356 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -606,24 +606,33 @@ return True if the password is correct, False otherwise ****************************************************************************/ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd) { + BOOL ret; + if ((pwlen == 0) && !lp_null_passwords()) { DEBUG(4,("Null passwords not allowed.\n")); return False; } - if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) - { + if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) { /* if 24 bytes long assume it is an encrypted password */ uchar challenge[8]; - if (!last_challenge(challenge)) - { + if (!last_challenge(challenge)) { DEBUG(0,("Error: challenge not done for user=%s\n", user)); return False; } - return pass_check_smb(user, global_myworkgroup, + ret = pass_check_smb(user, global_myworkgroup, challenge, (uchar *)password, (uchar *)password, pwd); + + /* + * Try with PAM (may not be compiled in - returns True if not. JRA). + * FIXME ! Should this be called if we're using winbindd ? What about + * non-local accounts ? JRA. + */ + + if (ret) + return pam_accountcheck(user); } return pass_check(user, password, pwlen, pwd, -- cgit