Attachment 1436 Details for Bug 1524 – Patch to solve it.

[patch] Patch to solve it.

samba.patch (text/plain), 2.50 KB, created by Gabriel Buades Rubio on 2005-09-12 00:00:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Gabriel Buades Rubio

Created: 2005-09-12 00:00:32 UTC

Size: 2.50 KB

patch

obsolete

>--- samba-3.0.14a/source/nsswitch/pam_winbind.c	2005-02-25 18:59:30.000000000 +0100
>+++ samba-3.0.14a-caib/source/nsswitch/pam_winbind.c	2005-04-25 11:43:14.000000000 +0200
>@@ -506,7 +513,15 @@
>      }
> 
>      /* Now use the username to look up password */
>-     return winbind_auth_request(username, password, member, ctrl);
>+     int result = winbind_auth_request(username, password, member, ctrl);
>+     _pam_log(LOG_INFO, "pam_sm_authenticate: %d \n", result);
>+     if ( result == PAM_NEW_AUTHTOK_REQD ||
>+	  result == PAM_AUTHTOK_EXPIRED) {
>+       // Activate flag to request for password change at account step        
>+	pam_set_data( pamh, "WINBIND-NEW-AUTHTOK-REQD", 1, _pam_winbind_cleanup_func);
>+	return PAM_SUCCESS;
>+     }
>+     return result;
> }
> 
> PAM_EXTERN
>@@ -526,7 +541,9 @@
> {
>     const char *username;
>     int retval = PAM_USER_UNKNOWN;
>+    void *tmp = NULL;
> 
>+
>     /* parse arguments */
>     int ctrl = _pam_parse(argc, argv);
> 
>@@ -553,9 +570,17 @@
> 		return PAM_IGNORE;
> 	    return PAM_USER_UNKNOWN;
> 	case 0:
>-	    /* Otherwise, the authentication looked good */
>-	    _pam_log(LOG_NOTICE, "user '%s' granted access", username);
>-	    return PAM_SUCCESS;
>+	    pam_get_data( pamh, "WINBIND-NEW-AUTHTOK-REQD", &tmp);
>+	    if (tmp != NULL)
>+	    {
>+	       /* Otherwise, the authentication looked good */
>+	       _pam_log(LOG_NOTICE, "user '%s' needs new password", username);
>+	       return PAM_NEW_AUTHTOK_REQD;
>+	    } else {
>+	       /* Otherwise, the authentication looked good */
>+	       _pam_log(LOG_NOTICE, "user '%s' granted access", username);
>+	       return PAM_SUCCESS;
>+	    }
> 	default:
> 	    /* we don't know anything about this return value */
> 	    _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'",
>@@ -570,6 +595,7 @@
> int pam_sm_open_session(pam_handle_t *pamh, int flags,
>                 int argc, const char **argv)
> {
>+	
>         /* parse arguments */
>         int ctrl = _pam_parse(argc, argv);
>         if (ctrl & WINBIND_DEBUG_ARG)
>@@ -610,6 +636,7 @@
> 	 * First get the name of a user
> 	 */
> 	retval = pam_get_user(pamh, &user, "Username: ");
>+	
> 	if (retval == PAM_SUCCESS) {
> 		if (user == NULL) {
> 			_pam_log(LOG_ERR, "username was NULL!");
>@@ -723,7 +723,7 @@
>                lctrl = ctrl;
>
>                if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) {
>-                       ctrl = WINBIND_USE_FIRST_PASS_ARG | lctrl;
>+                       ctrl = lctrl | WINBIND_USE_FIRST_PASS_ARG;
>                }
>                retry = 0;
>                retval = PAM_AUTHTOK_ERR;

Actions: View

Attachments on bug 1524: 972 | 1436