------------------------------------------------------------------------
r21143 | gd | 2007-02-05 15:34:12 +0100 (Mon, 05 Feb 2007) | 7 lines
Fix wrong check for pam error codes for getpwnam and lookup winbind
requests in pam_winbind (Bug #4094).
Inspired by fix from Lars Heete.
Guenther
------------------------------------------------------------------------
Index: source/nsswitch/pam_winbind.c
===================================================================
--- source/nsswitch/pam_winbind.c (revision 21142)
+++ source/nsswitch/pam_winbind.c (revision 21143)
@@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handl
close_sock();
/* Copy reply data from socket */
- if (response->result != WINBINDD_OK) {
- if (response->data.auth.pam_error != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
- response->data.auth.error_string,
- pam_strerror(pamh, response->data.auth.pam_error),
- response->data.auth.pam_error,
- response->data.auth.nt_status_string);
- return response->data.auth.pam_error;
- } else {
- _pam_log(LOG_ERR, "request failed, but PAM error 0!");
- return PAM_SERVICE_ERR;
- }
+ if (response->result == WINBINDD_OK) {
+ return PAM_SUCCESS;
}
- return PAM_SUCCESS;
+ /* no need to check for pam_error codes for getpwnam() */
+ switch (req_type) {
+
+ case WINBINDD_GETPWNAM:
+ case WINBINDD_LOOKUPNAME:
+ _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
+ response->data.auth.nt_status_string);
+ return PAM_USER_UNKNOWN;
+ default:
+ break;
+ }
+
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
+ _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
+ response->data.auth.error_string,
+ pam_strerror(pamh, response->data.auth.pam_error),
+ response->data.auth.pam_error,
+ response->data.auth.nt_status_string);
+ return response->data.auth.pam_error;
+ }
+
+ _pam_log(LOG_ERR, "request failed, but PAM error 0!");
+
+ return PAM_SERVICE_ERR;
}
static int pam_winbind_request_log(pam_handle_t * pamh,
------------------------------------------------------------------------
r21310 | gd | 2007-02-13 12:04:10 +0100 (Tue, 13 Feb 2007) | 4 lines
Fix invalid printfs in pam_winbind.
Guenther
------------------------------------------------------------------------
Index: source/nsswitch/pam_winbind.c
===================================================================
--- source/nsswitch/pam_winbind.c (revision 21309)
+++ source/nsswitch/pam_winbind.c (revision 21310)
@@ -461,8 +461,12 @@ static int pam_winbind_request(pam_handl
case WINBINDD_GETPWNAM:
case WINBINDD_LOOKUPNAME:
- _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
+ if (strlen(response->data.auth.nt_status_string) > 0) {
+ _pam_log(LOG_ERR, "request failed, NT error was %s",
response->data.auth.nt_status_string);
+ } else {
+ _pam_log(LOG_ERR, "request failed");
+ }
return PAM_USER_UNKNOWN;
default:
break;
@@ -518,15 +522,19 @@ static int pam_winbind_request_log(pam_h
}
return retval;
case PAM_SUCCESS:
- if (req_type == WINBINDD_PAM_AUTH) {
- /* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' granted access", user);
- } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
- /* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' password changed", user);
- } else {
- /* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' OK", user);
+ /* Otherwise, the authentication looked good */
+ switch (req_type) {
+ case WINBINDD_INFO:
+ break;
+ case WINBINDD_PAM_AUTH:
+ _pam_log(LOG_NOTICE, "user '%s' granted access", user);
+ break;
+ case WINBINDD_PAM_CHAUTHTOK:
+ _pam_log(LOG_NOTICE, "user '%s' password changed", user);
+ break;
+ default:
+ _pam_log(LOG_NOTICE, "user '%s' OK", user);
+ break;
}
return retval;