rpms / samba

Clone
Source Code
GIT

Blame samba-3.0.24-pam_winbind-fixes.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main master private-gd-master private-gd-rawhide private-gd-rawhide-4.17.0rc1 rawhide
  1.   b4961fa6d4a7391db89c446a156e782f8cc5f5b7
  2.   samba-3.0.24-pam_winbind-fixes.patch
Blob History Raw
gdeschne 8c272c7 
------------------------------------------------------------------------
gdeschne 8c272c7 
r21143 | gd | 2007-02-05 15:34:12 +0100 (Mon, 05 Feb 2007) | 7 lines
gdeschne 8c272c7
gdeschne 8c272c7 
Fix wrong check for pam error codes for getpwnam and lookup winbind
gdeschne 8c272c7 
requests in pam_winbind (Bug #4094).
gdeschne 8c272c7
gdeschne 8c272c7 
Inspired by fix from Lars Heete.
gdeschne 8c272c7
gdeschne 8c272c7 
Guenther
gdeschne 8c272c7
gdeschne 8c272c7 
------------------------------------------------------------------------
gdeschne 8c272c7 
Index: source/nsswitch/pam_winbind.c
gdeschne 8c272c7 
===================================================================
gdeschne 8c272c7 
--- source/nsswitch/pam_winbind.c	(revision 21142)
gdeschne 8c272c7 
+++ source/nsswitch/pam_winbind.c	(revision 21143)
gdeschne 8c272c7 
@@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handl
gdeschne 8c272c7 
 	close_sock();
gdeschne 8c272c7
gdeschne 8c272c7 
 	/* Copy reply data from socket */
gdeschne 8c272c7 
-	if (response->result != WINBINDD_OK) {
gdeschne 8c272c7 
-		if (response->data.auth.pam_error != PAM_SUCCESS) {
gdeschne 8c272c7 
-			_pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
gdeschne 8c272c7 
-				 response->data.auth.error_string,
gdeschne 8c272c7 
-				 pam_strerror(pamh, response->data.auth.pam_error),
gdeschne 8c272c7 
-				 response->data.auth.pam_error,
gdeschne 8c272c7 
-				 response->data.auth.nt_status_string);
gdeschne 8c272c7 
-			return response->data.auth.pam_error;
gdeschne 8c272c7 
-		} else {
gdeschne 8c272c7 
-			_pam_log(LOG_ERR, "request failed, but PAM error 0!");
gdeschne 8c272c7 
-			return PAM_SERVICE_ERR;
gdeschne 8c272c7 
-		}
gdeschne 8c272c7 
+	if (response->result == WINBINDD_OK) {
gdeschne 8c272c7 
+		return PAM_SUCCESS;
gdeschne 8c272c7 
 	}
gdeschne 8c272c7
gdeschne 8c272c7 
-	return PAM_SUCCESS;
gdeschne 8c272c7 
+	/* no need to check for pam_error codes for getpwnam() */
gdeschne 8c272c7 
+	switch (req_type) {
gdeschne 8c272c7 
+
gdeschne 8c272c7 
+		case WINBINDD_GETPWNAM:
gdeschne 8c272c7 
+		case WINBINDD_LOOKUPNAME:
gdeschne 8c272c7 
+			_pam_log(LOG_ERR, "request failed: %s, NT error was %s",
gdeschne 8c272c7 
+				response->data.auth.nt_status_string);
gdeschne 8c272c7 
+			return PAM_USER_UNKNOWN;
gdeschne 8c272c7 
+		default:
gdeschne 8c272c7 
+			break;
gdeschne 8c272c7 
+	}
gdeschne 8c272c7 
+
gdeschne 8c272c7 
+	if (response->data.auth.pam_error != PAM_SUCCESS) {
gdeschne 8c272c7 
+		_pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
gdeschne 8c272c7 
+			 response->data.auth.error_string,
gdeschne 8c272c7 
+			 pam_strerror(pamh, response->data.auth.pam_error),
gdeschne 8c272c7 
+			 response->data.auth.pam_error,
gdeschne 8c272c7 
+			 response->data.auth.nt_status_string);
gdeschne 8c272c7 
+		return response->data.auth.pam_error;
gdeschne 8c272c7 
+	}
gdeschne 8c272c7 
+
gdeschne 8c272c7 
+	_pam_log(LOG_ERR, "request failed, but PAM error 0!");
gdeschne 8c272c7 
+
gdeschne 8c272c7 
+	return PAM_SERVICE_ERR;
gdeschne 8c272c7 
 }
gdeschne 8c272c7
gdeschne 8c272c7 
 static int pam_winbind_request_log(pam_handle_t * pamh,
gdeschne 8c272c7 
------------------------------------------------------------------------
gdeschne 8c272c7 
r21310 | gd | 2007-02-13 12:04:10 +0100 (Tue, 13 Feb 2007) | 4 lines
gdeschne 8c272c7
gdeschne 8c272c7 
Fix invalid printfs in pam_winbind.
gdeschne 8c272c7
gdeschne 8c272c7 
Guenther
gdeschne 8c272c7
gdeschne 8c272c7 
------------------------------------------------------------------------
gdeschne 8c272c7 
Index: source/nsswitch/pam_winbind.c
gdeschne 8c272c7 
===================================================================
gdeschne 8c272c7 
--- source/nsswitch/pam_winbind.c	(revision 21309)
gdeschne 8c272c7 
+++ source/nsswitch/pam_winbind.c	(revision 21310)
gdeschne 8c272c7 
@@ -461,8 +461,12 @@ static int pam_winbind_request(pam_handl
gdeschne 8c272c7
gdeschne 8c272c7 
 		case WINBINDD_GETPWNAM:
gdeschne 8c272c7 
 		case WINBINDD_LOOKUPNAME:
gdeschne 8c272c7 
-			_pam_log(LOG_ERR, "request failed: %s, NT error was %s",
gdeschne 8c272c7 
+			if (strlen(response->data.auth.nt_status_string) > 0) {
gdeschne 8c272c7 
+				_pam_log(LOG_ERR, "request failed, NT error was %s",
gdeschne 8c272c7 
 				response->data.auth.nt_status_string);
gdeschne 8c272c7 
+			} else {
gdeschne 8c272c7 
+				_pam_log(LOG_ERR, "request failed");
gdeschne 8c272c7 
+			}
gdeschne 8c272c7 
 			return PAM_USER_UNKNOWN;
gdeschne 8c272c7 
 		default:
gdeschne 8c272c7 
 			break;
gdeschne 8c272c7 
@@ -518,15 +522,19 @@ static int pam_winbind_request_log(pam_h
gdeschne 8c272c7 
 		}
gdeschne 8c272c7 
 		return retval;
gdeschne 8c272c7 
 	case PAM_SUCCESS:
gdeschne 8c272c7 
-		if (req_type == WINBINDD_PAM_AUTH) {
gdeschne 8c272c7 
-			/* Otherwise, the authentication looked good */
gdeschne 8c272c7 
-			_pam_log(LOG_NOTICE, "user '%s' granted access", user);
gdeschne 8c272c7 
-		} else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
gdeschne 8c272c7 
-			/* Otherwise, the authentication looked good */
gdeschne 8c272c7 
-			_pam_log(LOG_NOTICE, "user '%s' password changed", user);
gdeschne 8c272c7 
-		} else {
gdeschne 8c272c7 
-			/* Otherwise, the authentication looked good */
gdeschne 8c272c7 
-			_pam_log(LOG_NOTICE, "user '%s' OK", user);
gdeschne 8c272c7 
+		/* Otherwise, the authentication looked good */
gdeschne 8c272c7 
+		switch (req_type) {
gdeschne 8c272c7 
+			case WINBINDD_INFO:
gdeschne 8c272c7 
+				break;
gdeschne 8c272c7 
+			case WINBINDD_PAM_AUTH:
gdeschne 8c272c7 
+				_pam_log(LOG_NOTICE, "user '%s' granted access", user);
gdeschne 8c272c7 
+				break;
gdeschne 8c272c7 
+			case WINBINDD_PAM_CHAUTHTOK:
gdeschne 8c272c7 
+				_pam_log(LOG_NOTICE, "user '%s' password changed", user);
gdeschne 8c272c7 
+				break;
gdeschne 8c272c7 
+			default:
gdeschne 8c272c7 
+				_pam_log(LOG_NOTICE, "user '%s' OK", user);
gdeschne 8c272c7 
+				break;
gdeschne 8c272c7 
 		}
gdeschne 8c272c7
gdeschne 8c272c7 
 		return retval;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.