The Samba-Bugzilla – Attachment 1436 Details for
Bug 1524
[patch] pam_winbind sends PAM_NEW_AUTHTOK_REQD at wrong time
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to solve it.
samba.patch (text/plain), 2.50 KB, created by
Gabriel Buades Rubio
on 2005-09-12 00:00:32 UTC
(
hide
)
Description:
Patch to solve it.
Filename:
MIME Type:
Creator:
Gabriel Buades Rubio
Created:
2005-09-12 00:00:32 UTC
Size:
2.50 KB
patch
obsolete
>--- samba-3.0.14a/source/nsswitch/pam_winbind.c 2005-02-25 18:59:30.000000000 +0100 >+++ samba-3.0.14a-caib/source/nsswitch/pam_winbind.c 2005-04-25 11:43:14.000000000 +0200 >@@ -506,7 +513,15 @@ > } > > /* Now use the username to look up password */ >- return winbind_auth_request(username, password, member, ctrl); >+ int result = winbind_auth_request(username, password, member, ctrl); >+ _pam_log(LOG_INFO, "pam_sm_authenticate: %d \n", result); >+ if ( result == PAM_NEW_AUTHTOK_REQD || >+ result == PAM_AUTHTOK_EXPIRED) { >+ // Activate flag to request for password change at account step >+ pam_set_data( pamh, "WINBIND-NEW-AUTHTOK-REQD", 1, _pam_winbind_cleanup_func); >+ return PAM_SUCCESS; >+ } >+ return result; > } > > PAM_EXTERN >@@ -526,7 +541,9 @@ > { > const char *username; > int retval = PAM_USER_UNKNOWN; >+ void *tmp = NULL; > >+ > /* parse arguments */ > int ctrl = _pam_parse(argc, argv); > >@@ -553,9 +570,17 @@ > return PAM_IGNORE; > return PAM_USER_UNKNOWN; > case 0: >- /* Otherwise, the authentication looked good */ >- _pam_log(LOG_NOTICE, "user '%s' granted access", username); >- return PAM_SUCCESS; >+ pam_get_data( pamh, "WINBIND-NEW-AUTHTOK-REQD", &tmp); >+ if (tmp != NULL) >+ { >+ /* Otherwise, the authentication looked good */ >+ _pam_log(LOG_NOTICE, "user '%s' needs new password", username); >+ return PAM_NEW_AUTHTOK_REQD; >+ } else { >+ /* Otherwise, the authentication looked good */ >+ _pam_log(LOG_NOTICE, "user '%s' granted access", username); >+ return PAM_SUCCESS; >+ } > default: > /* we don't know anything about this return value */ > _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'", >@@ -570,6 +595,7 @@ > int pam_sm_open_session(pam_handle_t *pamh, int flags, > int argc, const char **argv) > { >+ > /* parse arguments */ > int ctrl = _pam_parse(argc, argv); > if (ctrl & WINBIND_DEBUG_ARG) >@@ -610,6 +636,7 @@ > * First get the name of a user > */ > retval = pam_get_user(pamh, &user, "Username: "); >+ > if (retval == PAM_SUCCESS) { > if (user == NULL) { > _pam_log(LOG_ERR, "username was NULL!"); >@@ -723,7 +723,7 @@ > lctrl = ctrl; > > if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) { >- ctrl = WINBIND_USE_FIRST_PASS_ARG | lctrl; >+ ctrl = lctrl | WINBIND_USE_FIRST_PASS_ARG; > } > retry = 0; > retval = PAM_AUTHTOK_ERR;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1524
:
972
| 1436