author | Samba Release Account <samba-bugs@samba.org> | 1997-02-04 10:35:38 +0000 |
---|---|---|
committer | Samba Release Account <samba-bugs@samba.org> | 1997-02-04 10:35:38 +0000 |
commit | dc559428b85474ff4d80f37f421365a3910a8861 (patch) | |
tree | c57570a9eb6adae1e27219f9496552512cb519c1 /source | |
parent | e9a8ccb36bc94e161fdf85c1de8310937710c92f (diff) | |
JHT ===> Fixed potential PAM Security hole and second chance syndrome
spurious warning message "Warning - no crypt available"
Diffstat (limited to 'source')
-rw-r--r-- | source/smbd/password.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 8c1a1026ccc..3ccc1e4cfdf 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -612,7 +612,16 @@ BOOL password_check(char *password)
 {
 #ifdef USE_PAM
+/* This falls through if the password check fails
+ - if NO_CRYPT is defined this causes an error msg
+ saying Warning - no crypt available
+ - if NO_CRYPT is NOT defined this is a potential security hole
+ as it may authenticate via the crypt call when PAM
+ settings say it should fail.
 if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+ return (pam_auth(this_user,password));
 #endif
 #ifdef AFS_AUTH |
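Review bot: With the unconditional `return (pam_auth(this_user,password));` inside `#ifdef USE_PAM`, every later check in password_check, starting with the `#ifdef AFS_AUTH` block visible at the end of the hunk, becomes unreachable in a PAM build, and nothing in the code says that this is intended. Failing closed on a PAM denial is the right behaviour for the crypt fallback, but any other backend compiled in alongside PAM is now silently disabled; I would say so in the comment, e.g. `/* PAM is authoritative: a PAM failure must not fall through to any check below */`, and consider placing the remaining checks under `#else` so the build does not carry dead code. The old `if (pam_auth(this_user,password)) return(True);` line is also left in the file, disabled only because it sits inside the new comment; deleting it would keep the comment readable and remove the chance of it being revived by a later edit to the comment delimiters. The rest of password_check lies outside the hunk, so which backends are affected is inferred from the one `#ifdef` shown.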