1 files changed, 20 insertions, 16 deletions

diff --git a/src/ejabberd_auth_pam.erl b/src/ejabberd_auth_pam.erl
index f3fdf628..da893eb4 100644
--- a/src/ejabberd_auth_pam.erl
+++ b/src/ejabberd_auth_pam.erl
@@ -32,8 +32,8 @@
 %%====================================================================
 %% API
 %%====================================================================
--export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
          get_vh_registered_users/2, get_vh_registered_users_number/1,
          get_vh_registered_users_number/2,
@@ -47,21 +47,25 @@ start(_Host) ->
 set_password(_User, _Server, _Password) ->
     {error, not_allowed}.
 
-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
-
-check_password(User, Host, Password) ->
-    Service = get_pam_service(Host),
-    UserInfo = case get_pam_userinfotype(Host) of
-		 username -> User;
-		 jid -> <<User/binary, "@", Host/binary>>
-	       end,
-    case catch epam:authenticate(Service, UserInfo,
-				 Password)
-	of
-      true -> true;
-      _ -> false
+    check_password(User, AuthzId, Server, Password).
+
+check_password(User, AuthzId, Host, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        Service = get_pam_service(Host),
+        UserInfo = case get_pam_userinfotype(Host) of
+    		 username -> User;
+    		 jid -> <<User/binary, "@", Host/binary>>
+    	       end,
+        case catch epam:authenticate(Service, UserInfo,
+    				 Password)
+    	of
+          true -> true;
+          _ -> false
+        end
     end.
 
 try_register(_User, _Server, _Password) ->