From dc559428b85474ff4d80f37f421365a3910a8861 Mon Sep 17 00:00:00 2001
From: Samba Release Account
Date: Tue, 4 Feb 1997 10:35:38 +0000
Subject: [PATCH] JHT ===> Fixed potential PAM Security hole and second chance syndrome spurious warning message "Warning - no crypt available"
---
 source/smbd/password.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 8c1a1026ccc..3ccc1e4cfdf 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -612,7 +612,16 @@ BOOL password_check(char *password)
 {
 #ifdef USE_PAM
+/* This falls through if the password check fails
+ - if NO_CRYPT is defined this causes an error msg
+ saying Warning - no crypt available
+ - if NO_CRYPT is NOT defined this is a potential security hole
+ as it may authenticate via the crypt call when PAM
+ settings say it should fail.
 if (pam_auth(this_user,password)) return(True);
+Hence we make a direct return to avoid a second chance!!!
+*/
+ return (pam_auth(this_user,password));
 #endif
 #ifdef AFS_AUTH
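Review bot: With the unconditional `return (pam_auth(this_user,password));` inside `#ifdef USE_PAM`, every later check in password_check, starting with the `#ifdef AFS_AUTH` block at the end of this hunk, is still compiled but unreachable whenever USE_PAM is defined, and nothing in the source says so. Failing closed on a PAM rejection is the intent, but a build that defines both USE_PAM and another backend silently loses that backend; I would make the exclusivity explicit, for example by turning this `#endif` into `#else` and closing it after the last fallback method (the rest of the function lies outside the hunk, so where it closes has to be checked there). The new comment also wraps the old `if (pam_auth(this_user,password)) return(True);` statement, so prose and dead code are mixed in one block; a shorter form such as `/* PAM is authoritative: return its verdict directly so a PAM failure never falls through to the crypt() check. */` states the rule without keeping the removed line.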