|
gdeschne |
8c272c7 |
------------------------------------------------------------------------
|
|
gdeschne |
8c272c7 |
r21143 | gd | 2007-02-05 15:34:12 +0100 (Mon, 05 Feb 2007) | 7 lines
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
Fix wrong check for pam error codes for getpwnam and lookup winbind
|
|
gdeschne |
8c272c7 |
requests in pam_winbind (Bug #4094).
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
Inspired by fix from Lars Heete.
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
Guenther
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
------------------------------------------------------------------------
|
|
gdeschne |
8c272c7 |
Index: source/nsswitch/pam_winbind.c
|
|
gdeschne |
8c272c7 |
===================================================================
|
|
gdeschne |
8c272c7 |
--- source/nsswitch/pam_winbind.c (revision 21142)
|
|
gdeschne |
8c272c7 |
+++ source/nsswitch/pam_winbind.c (revision 21143)
|
|
gdeschne |
8c272c7 |
@@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handl
|
|
gdeschne |
8c272c7 |
close_sock();
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
/* Copy reply data from socket */
|
|
gdeschne |
8c272c7 |
- if (response->result != WINBINDD_OK) {
|
|
gdeschne |
8c272c7 |
- if (response->data.auth.pam_error != PAM_SUCCESS) {
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
|
|
gdeschne |
8c272c7 |
- response->data.auth.error_string,
|
|
gdeschne |
8c272c7 |
- pam_strerror(pamh, response->data.auth.pam_error),
|
|
gdeschne |
8c272c7 |
- response->data.auth.pam_error,
|
|
gdeschne |
8c272c7 |
- response->data.auth.nt_status_string);
|
|
gdeschne |
8c272c7 |
- return response->data.auth.pam_error;
|
|
gdeschne |
8c272c7 |
- } else {
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_ERR, "request failed, but PAM error 0!");
|
|
gdeschne |
8c272c7 |
- return PAM_SERVICE_ERR;
|
|
gdeschne |
8c272c7 |
- }
|
|
gdeschne |
8c272c7 |
+ if (response->result == WINBINDD_OK) {
|
|
gdeschne |
8c272c7 |
+ return PAM_SUCCESS;
|
|
gdeschne |
8c272c7 |
}
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
- return PAM_SUCCESS;
|
|
gdeschne |
8c272c7 |
+ /* no need to check for pam_error codes for getpwnam() */
|
|
gdeschne |
8c272c7 |
+ switch (req_type) {
|
|
gdeschne |
8c272c7 |
+
|
|
gdeschne |
8c272c7 |
+ case WINBINDD_GETPWNAM:
|
|
gdeschne |
8c272c7 |
+ case WINBINDD_LOOKUPNAME:
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
|
|
gdeschne |
8c272c7 |
+ response->data.auth.nt_status_string);
|
|
gdeschne |
8c272c7 |
+ return PAM_USER_UNKNOWN;
|
|
gdeschne |
8c272c7 |
+ default:
|
|
gdeschne |
8c272c7 |
+ break;
|
|
gdeschne |
8c272c7 |
+ }
|
|
gdeschne |
8c272c7 |
+
|
|
gdeschne |
8c272c7 |
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
|
|
gdeschne |
8c272c7 |
+ response->data.auth.error_string,
|
|
gdeschne |
8c272c7 |
+ pam_strerror(pamh, response->data.auth.pam_error),
|
|
gdeschne |
8c272c7 |
+ response->data.auth.pam_error,
|
|
gdeschne |
8c272c7 |
+ response->data.auth.nt_status_string);
|
|
gdeschne |
8c272c7 |
+ return response->data.auth.pam_error;
|
|
gdeschne |
8c272c7 |
+ }
|
|
gdeschne |
8c272c7 |
+
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_ERR, "request failed, but PAM error 0!");
|
|
gdeschne |
8c272c7 |
+
|
|
gdeschne |
8c272c7 |
+ return PAM_SERVICE_ERR;
|
|
gdeschne |
8c272c7 |
}
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
static int pam_winbind_request_log(pam_handle_t * pamh,
|
|
gdeschne |
8c272c7 |
------------------------------------------------------------------------
|
|
gdeschne |
8c272c7 |
r21310 | gd | 2007-02-13 12:04:10 +0100 (Tue, 13 Feb 2007) | 4 lines
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
Fix invalid printfs in pam_winbind.
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
Guenther
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
------------------------------------------------------------------------
|
|
gdeschne |
8c272c7 |
Index: source/nsswitch/pam_winbind.c
|
|
gdeschne |
8c272c7 |
===================================================================
|
|
gdeschne |
8c272c7 |
--- source/nsswitch/pam_winbind.c (revision 21309)
|
|
gdeschne |
8c272c7 |
+++ source/nsswitch/pam_winbind.c (revision 21310)
|
|
gdeschne |
8c272c7 |
@@ -461,8 +461,12 @@ static int pam_winbind_request(pam_handl
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
case WINBINDD_GETPWNAM:
|
|
gdeschne |
8c272c7 |
case WINBINDD_LOOKUPNAME:
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
|
|
gdeschne |
8c272c7 |
+ if (strlen(response->data.auth.nt_status_string) > 0) {
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_ERR, "request failed, NT error was %s",
|
|
gdeschne |
8c272c7 |
response->data.auth.nt_status_string);
|
|
gdeschne |
8c272c7 |
+ } else {
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_ERR, "request failed");
|
|
gdeschne |
8c272c7 |
+ }
|
|
gdeschne |
8c272c7 |
return PAM_USER_UNKNOWN;
|
|
gdeschne |
8c272c7 |
default:
|
|
gdeschne |
8c272c7 |
break;
|
|
gdeschne |
8c272c7 |
@@ -518,15 +522,19 @@ static int pam_winbind_request_log(pam_h
|
|
gdeschne |
8c272c7 |
}
|
|
gdeschne |
8c272c7 |
return retval;
|
|
gdeschne |
8c272c7 |
case PAM_SUCCESS:
|
|
gdeschne |
8c272c7 |
- if (req_type == WINBINDD_PAM_AUTH) {
|
|
gdeschne |
8c272c7 |
- /* Otherwise, the authentication looked good */
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_NOTICE, "user '%s' granted access", user);
|
|
gdeschne |
8c272c7 |
- } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
|
|
gdeschne |
8c272c7 |
- /* Otherwise, the authentication looked good */
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_NOTICE, "user '%s' password changed", user);
|
|
gdeschne |
8c272c7 |
- } else {
|
|
gdeschne |
8c272c7 |
- /* Otherwise, the authentication looked good */
|
|
gdeschne |
8c272c7 |
- _pam_log(LOG_NOTICE, "user '%s' OK", user);
|
|
gdeschne |
8c272c7 |
+ /* Otherwise, the authentication looked good */
|
|
gdeschne |
8c272c7 |
+ switch (req_type) {
|
|
gdeschne |
8c272c7 |
+ case WINBINDD_INFO:
|
|
gdeschne |
8c272c7 |
+ break;
|
|
gdeschne |
8c272c7 |
+ case WINBINDD_PAM_AUTH:
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_NOTICE, "user '%s' granted access", user);
|
|
gdeschne |
8c272c7 |
+ break;
|
|
gdeschne |
8c272c7 |
+ case WINBINDD_PAM_CHAUTHTOK:
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_NOTICE, "user '%s' password changed", user);
|
|
gdeschne |
8c272c7 |
+ break;
|
|
gdeschne |
8c272c7 |
+ default:
|
|
gdeschne |
8c272c7 |
+ _pam_log(LOG_NOTICE, "user '%s' OK", user);
|
|
gdeschne |
8c272c7 |
+ break;
|
|
gdeschne |
8c272c7 |
}
|
|
gdeschne |
8c272c7 |
|
|
gdeschne |
8c272c7 |
return retval;
|