(parent: 1fe69a7)
JHT ===> Fixed potential PAM Security hole and second chance syndrome
author Samba Release Account <samba-bugs@samba.org> Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
committer Samba Release Account <samba-bugs@samba.org> Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
spurious warning message "Warning - no crypt available"
(This used to be commit dc559428b85474ff4d80f37f421365a3910a8861)
source3/smbd/password.c
diff --git
a/source3/smbd/password.c
b/source3/smbd/password.c
index 8c1a1026ccc87e264d289c8d2a70c6f7e37c1ab9..3ccc1e4cfdf9aa714d2814a3468b8d445de2bf84 100644
(file)
--- a/
source3/smbd/password.c
+++ b/
source3/smbd/password.c
@@
-612,7
+612,16
@@
BOOL password_check(char *password)
{
#ifdef USE_PAM
+/* This falls through if the password check fails
+ - if NO_CRYPT is defined this causes an error msg
+ saying Warning - no crypt available
+ - if NO_CRYPT is NOT defined this is a potential security hole
+ as it may authenticate via the crypt call when PAM
+ settings say it should fail.
if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+ return (pam_auth(this_user,password));
#endif
#ifdef AFS_AUTH
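Review bot: In the USE_PAM block the old call `if (pam_auth(this_user,password)) return(True);` is kept as a context line and disabled only by being enclosed in the new comment, so the comment mixes explanation with dead code; delete that line and keep a short comment stating that a PAM failure must be final, followed by `return (pam_auth(this_user,password));`. With the unconditional return, everything after the `#endif` (starting at `#ifdef AFS_AUTH`) is unreachable whenever USE_PAM is defined yet is still compiled; moving the remaining checks under `#else` would make the PAM-only path explicit and make it harder for a later edit to reintroduce the fallthrough. The function is declared BOOL and now passes the result of pam_auth straight through, so it is worth confirming that pam_auth only ever returns True or False.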