Fix pam_winbind acct_mgmt PAM result code.
This fixes PAM logins with local accounts when pam_winbind is enabled. Guenther
This commit is contained in:
parent
b5a9f4d951
commit
8c272c7fc9
118
samba-3.0.24-pam_winbind-fixes.patch
Normal file
118
samba-3.0.24-pam_winbind-fixes.patch
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
------------------------------------------------------------------------
|
||||||
|
r21143 | gd | 2007-02-05 15:34:12 +0100 (Mon, 05 Feb 2007) | 7 lines
|
||||||
|
|
||||||
|
Fix wrong check for pam error codes for getpwnam and lookup winbind
|
||||||
|
requests in pam_winbind (Bug #4094).
|
||||||
|
|
||||||
|
Inspired by fix from Lars Heete.
|
||||||
|
|
||||||
|
Guenther
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
Index: source/nsswitch/pam_winbind.c
|
||||||
|
===================================================================
|
||||||
|
--- source/nsswitch/pam_winbind.c (revision 21142)
|
||||||
|
+++ source/nsswitch/pam_winbind.c (revision 21143)
|
||||||
|
@@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handl
|
||||||
|
close_sock();
|
||||||
|
|
||||||
|
/* Copy reply data from socket */
|
||||||
|
- if (response->result != WINBINDD_OK) {
|
||||||
|
- if (response->data.auth.pam_error != PAM_SUCCESS) {
|
||||||
|
- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
|
||||||
|
- response->data.auth.error_string,
|
||||||
|
- pam_strerror(pamh, response->data.auth.pam_error),
|
||||||
|
- response->data.auth.pam_error,
|
||||||
|
- response->data.auth.nt_status_string);
|
||||||
|
- return response->data.auth.pam_error;
|
||||||
|
- } else {
|
||||||
|
- _pam_log(LOG_ERR, "request failed, but PAM error 0!");
|
||||||
|
- return PAM_SERVICE_ERR;
|
||||||
|
- }
|
||||||
|
+ if (response->result == WINBINDD_OK) {
|
||||||
|
+ return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return PAM_SUCCESS;
|
||||||
|
+ /* no need to check for pam_error codes for getpwnam() */
|
||||||
|
+ switch (req_type) {
|
||||||
|
+
|
||||||
|
+ case WINBINDD_GETPWNAM:
|
||||||
|
+ case WINBINDD_LOOKUPNAME:
|
||||||
|
+ _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
|
||||||
|
+ response->data.auth.nt_status_string);
|
||||||
|
+ return PAM_USER_UNKNOWN;
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
|
||||||
|
+ _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
|
||||||
|
+ response->data.auth.error_string,
|
||||||
|
+ pam_strerror(pamh, response->data.auth.pam_error),
|
||||||
|
+ response->data.auth.pam_error,
|
||||||
|
+ response->data.auth.nt_status_string);
|
||||||
|
+ return response->data.auth.pam_error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ _pam_log(LOG_ERR, "request failed, but PAM error 0!");
|
||||||
|
+
|
||||||
|
+ return PAM_SERVICE_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int pam_winbind_request_log(pam_handle_t * pamh,
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r21310 | gd | 2007-02-13 12:04:10 +0100 (Tue, 13 Feb 2007) | 4 lines
|
||||||
|
|
||||||
|
Fix invalid printfs in pam_winbind.
|
||||||
|
|
||||||
|
Guenther
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
Index: source/nsswitch/pam_winbind.c
|
||||||
|
===================================================================
|
||||||
|
--- source/nsswitch/pam_winbind.c (revision 21309)
|
||||||
|
+++ source/nsswitch/pam_winbind.c (revision 21310)
|
||||||
|
@@ -461,8 +461,12 @@ static int pam_winbind_request(pam_handl
|
||||||
|
|
||||||
|
case WINBINDD_GETPWNAM:
|
||||||
|
case WINBINDD_LOOKUPNAME:
|
||||||
|
- _pam_log(LOG_ERR, "request failed: %s, NT error was %s",
|
||||||
|
+ if (strlen(response->data.auth.nt_status_string) > 0) {
|
||||||
|
+ _pam_log(LOG_ERR, "request failed, NT error was %s",
|
||||||
|
response->data.auth.nt_status_string);
|
||||||
|
+ } else {
|
||||||
|
+ _pam_log(LOG_ERR, "request failed");
|
||||||
|
+ }
|
||||||
|
return PAM_USER_UNKNOWN;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
@@ -518,15 +522,19 @@ static int pam_winbind_request_log(pam_h
|
||||||
|
}
|
||||||
|
return retval;
|
||||||
|
case PAM_SUCCESS:
|
||||||
|
- if (req_type == WINBINDD_PAM_AUTH) {
|
||||||
|
- /* Otherwise, the authentication looked good */
|
||||||
|
- _pam_log(LOG_NOTICE, "user '%s' granted access", user);
|
||||||
|
- } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
|
||||||
|
- /* Otherwise, the authentication looked good */
|
||||||
|
- _pam_log(LOG_NOTICE, "user '%s' password changed", user);
|
||||||
|
- } else {
|
||||||
|
- /* Otherwise, the authentication looked good */
|
||||||
|
- _pam_log(LOG_NOTICE, "user '%s' OK", user);
|
||||||
|
+ /* Otherwise, the authentication looked good */
|
||||||
|
+ switch (req_type) {
|
||||||
|
+ case WINBINDD_INFO:
|
||||||
|
+ break;
|
||||||
|
+ case WINBINDD_PAM_AUTH:
|
||||||
|
+ _pam_log(LOG_NOTICE, "user '%s' granted access", user);
|
||||||
|
+ break;
|
||||||
|
+ case WINBINDD_PAM_CHAUTHTOK:
|
||||||
|
+ _pam_log(LOG_NOTICE, "user '%s' password changed", user);
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ _pam_log(LOG_NOTICE, "user '%s' OK", user);
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
@ -47,6 +47,7 @@ Patch112: samba-3.0.15pre2-bug106483.patch
|
|||||||
Patch114: samba-3.0.24-msdfs-root-no.patch
|
Patch114: samba-3.0.24-msdfs-root-no.patch
|
||||||
Patch115: samba-3.0.24-vista-patchset.patch
|
Patch115: samba-3.0.24-vista-patchset.patch
|
||||||
Patch116: samba-3.0.24-arch_macro.patch
|
Patch116: samba-3.0.24-arch_macro.patch
|
||||||
|
Patch117: samba-3.0.24-pam_winbind-fixes.patch
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
Requires(pre): samba-common = %{epoch}:%{version}-%{release}
|
Requires(pre): samba-common = %{epoch}:%{version}-%{release}
|
||||||
@ -160,6 +161,7 @@ cp %{SOURCE8} packaging/Fedora/winbind.init
|
|||||||
%patch114 -p1 -b .dfsroot
|
%patch114 -p1 -b .dfsroot
|
||||||
%patch115 -p1 -b .vista
|
%patch115 -p1 -b .vista
|
||||||
%patch116 -p0 -b .arch_macro
|
%patch116 -p0 -b .arch_macro
|
||||||
|
%patch117 -p0 -b .pam_winbind
|
||||||
|
|
||||||
# crap
|
# crap
|
||||||
rm -f examples/VFS/.cvsignore
|
rm -f examples/VFS/.cvsignore
|
||||||
@ -552,8 +554,9 @@ exit 0
|
|||||||
%{_libdir}/libsmbclient.a
|
%{_libdir}/libsmbclient.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Mar 16 2007 Guenther Deschner <gdeschner@redhat.com> 3.0.24-4.fc7
|
* Mon Mar 19 2007 Guenther Deschner <gdeschner@redhat.com> 3.0.24-4.fc7
|
||||||
- fix arch macro which reported Vista to Samba clients.
|
- Fix arch macro which reported Vista to Samba clients.
|
||||||
|
- Fix pam_winbind acct_mgmt PAM result code.
|
||||||
|
|
||||||
* Thu Mar 15 2007 Simo Sorce <ssorce@redhat.com> 3.0.24-3.fc7
|
* Thu Mar 15 2007 Simo Sorce <ssorce@redhat.com> 3.0.24-3.fc7
|
||||||
- Directories reorg, tdb files must go to /var/lib, not
|
- Directories reorg, tdb files must go to /var/lib, not
|
||||||
|
Loading…
Reference in New Issue
Block a user