The Samba-Bugzilla – Attachment 12769 Details for
Bug 2210
Some NT_STATUS_* errors don't have mapped PAM errors
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
cherry-picked patch for 4.4 and 4.5
0001-pam-map-more-NT-password-errors-to-PAM-errors.patch (text/plain), 2.26 KB, created by
Björn Jacke
on 2016-12-13 20:20:09 UTC
(
hide
)
Description:
cherry-picked patch for 4.4 and 4.5
Filename:
MIME Type:
Creator:
Björn Jacke
Created:
2016-12-13 20:20:09 UTC
Size:
2.26 KB
patch
obsolete
>From 3d44710c2a2539c726141aa8cfd8aa09a6f03953 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bj@sernet.de> >Date: Wed, 25 Nov 2015 14:04:24 +0100 >Subject: [PATCH] pam: map more NT password errors to PAM errors > >NT_STATUS_ACCOUNT_DISABLED, >NT_STATUS_PASSWORD_RESTRICTION, >NT_STATUS_PWD_HISTORY_CONFLICT, >NT_STATUS_PWD_TOO_RECENT, >NT_STATUS_PWD_TOO_SHORT > >now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210 > >Signed-off-by: Bjoern Jacke <bj@sernet.de> >--- > libcli/auth/pam_errors.c | 6 +++++- > nsswitch/pam_winbind.c | 4 ++++ > 2 files changed, 9 insertions(+), 1 deletion(-) > >diff --git a/libcli/auth/pam_errors.c b/libcli/auth/pam_errors.c >index 978f8ff..5592d39 100644 >--- a/libcli/auth/pam_errors.c >+++ b/libcli/auth/pam_errors.c >@@ -71,11 +71,15 @@ static const struct { > {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR}, > {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR}, > {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED}, >+ {NT_STATUS_ACCOUNT_DISABLED, PAM_ACCT_EXPIRED}, > {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED}, > {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD}, > {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES}, > {NT_STATUS_NO_MEMORY, PAM_BUF_ERR}, >- {NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED}, >+ {NT_STATUS_PASSWORD_RESTRICTION, PAM_AUTHTOK_ERR}, >+ {NT_STATUS_PWD_HISTORY_CONFLICT, PAM_AUTHTOK_ERR}, >+ {NT_STATUS_PWD_TOO_RECENT, PAM_AUTHTOK_ERR}, >+ {NT_STATUS_PWD_TOO_SHORT, PAM_AUTHTOK_ERR}, > {NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL}, > {NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL}, > {NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL}, >diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c >index 42c4f8e..88a3088 100644 >--- a/nsswitch/pam_winbind.c >+++ b/nsswitch/pam_winbind.c >@@ -775,6 +775,10 @@ static int pam_winbind_request_log(struct pwb_context *ctx, > return PAM_IGNORE; > } > return retval; >+ case PAM_AUTHTOK_ERR: >+ /* Authentication token manipulation error */ >+ _pam_log(LOG_WARNING, "user `%s' authentication token change failed " (pwd complexity/history/min_age not met?)", user); >+ return retval; > case PAM_SUCCESS: > /* Otherwise, the authentication looked good */ > if (strcmp(fn, "wbcLogonUser") == 0) { >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12769">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
bjacke
:
review+
vl
:
review+
Actions:
View
Attachments on
bug 2210
:
877
|
12751
|
12769
|
12813