JHT ===> Fixed potential PAM Security hole and second chance syndrome

author Samba Release Account <samba-bugs@samba.org>

Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)

committer Samba Release Account <samba-bugs@samba.org>

Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
author Samba Release Account <samba-bugs@samba.org>
Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
committer Samba Release Account <samba-bugs@samba.org>
Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
diff --git a/source3/smbd/password.c b/source3/smbd/password.c

index 8c1a1026ccc87e264d289c8d2a70c6f7e37c1ab9..3ccc1e4cfdf9aa714d2814a3468b8d445de2bf84 100644 (file)
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -612,7 +612,16 @@ BOOL password_check(char *password)
  {
  
  #ifdef USE_PAM
+/* This falls through if the password check fails
+       - if NO_CRYPT is defined this causes an error msg
+               saying Warning - no crypt available
+       - if NO_CRYPT is NOT defined this is a potential security hole
+               as it may authenticate via the crypt call when PAM
+               settings say it should fail.
    if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+  return (pam_auth(this_user,password));
  #endif
  
  #ifdef AFS_AUTH
author	Samba Release Account <samba-bugs@samba.org>
	Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)
committer	Samba Release Account <samba-bugs@samba.org>
	Tue, 4 Feb 1997 10:35:38 +0000 (10:35 +0000)