Attachment 17143 Details for Bug 8691 – patch for 4.16 and 4.15

[patch] patch for 4.16 and 4.15

0001-pam_winbind-add-new-pwd_change_prompt-option-default.patch (text/plain), 3.40 KB, created by Andreas Schneider on 2022-02-03 09:30:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2022-02-03 09:30:04 UTC

Size: 3.40 KB

patch

obsolete

>From 513946aec6ddf4cb61d5d460e0478fd7ffd7be21 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Wed, 17 Nov 2021 09:56:09 +0100
>Subject: [PATCH] pam_winbind: add new pwd_change_prompt option (defaults to
> off).
>
>This change disables the prompt for the change of an expired password by
>default (using the PAM_RADIO_TYPE mechanism if present).
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=8691
>
>Guenther
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 20c85cc1da8d8c7f1932fbdd92128bb6dafad472)
>---
> docs-xml/manpages/pam_winbind.conf.5.xml |  7 +++++++
> nsswitch/pam_winbind.c                   | 12 ++++++++++--
> nsswitch/pam_winbind.h                   |  1 +
> 3 files changed, 18 insertions(+), 2 deletions(-)
>
>diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
>index 0bc288f91a1..bae9298fc32 100644
>--- a/docs-xml/manpages/pam_winbind.conf.5.xml
>+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
>@@ -194,6 +194,13 @@
> 		</para></listitem>
> 		</varlistentry>
> 
>+		<varlistentry>
>+		<term>pwd_change_prompt = yes|no</term>
>+		<listitem><para>
>+			Generate prompt for changing an expired password. Defaults to "no".
>+		</para></listitem>
>+		</varlistentry>
>+
> 		</variablelist>
> 
> 	</para>
>diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
>index 720a4b90d85..06098dd07d8 100644
>--- a/nsswitch/pam_winbind.c
>+++ b/nsswitch/pam_winbind.c
>@@ -479,6 +479,10 @@ static int _pam_parse(const pam_handle_t *pamh,
> 		ctrl |= WINBIND_MKHOMEDIR;
> 	}
> 
>+	if (tiniparser_getboolean(d, "global:pwd_change_prompt", false)) {
>+		ctrl |= WINBIND_PWD_CHANGE_PROMPT;
>+	}
>+
> config_from_pam:
> 	/* step through arguments */
> 	for (i=argc,v=argv; i-- > 0; ++v) {
>@@ -522,6 +526,8 @@ config_from_pam:
> 		else if (!strncasecmp(*v, "warn_pwd_expire",
> 			strlen("warn_pwd_expire")))
> 			ctrl |= WINBIND_WARN_PWD_EXPIRE;
>+		else if (!strcasecmp(*v, "pwd_change_prompt"))
>+			ctrl |= WINBIND_PWD_CHANGE_PROMPT;
> 		else if (type != PAM_WINBIND_CLEANUP) {
> 			__pam_log(pamh, ctrl, LOG_ERR,
> 				 "pam_parse: unknown option: %s", *v);
>@@ -976,7 +982,8 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
> 		 * successfully sent the warning message.
> 		 * Give the user a chance to change pwd.
> 		 */
>-		if (ret == PAM_SUCCESS) {
>+		if (ret == PAM_SUCCESS &&
>+		    (ctx->ctrl & WINBIND_PWD_CHANGE_PROMPT)) {
> 			if (change_pwd) {
> 				retval = _pam_winbind_change_pwd(ctx);
> 				if (retval) {
>@@ -1006,7 +1013,8 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
> 		 * successfully sent the warning message.
> 		 * Give the user a chance to change pwd.
> 		 */
>-		if (ret == PAM_SUCCESS) {
>+		if (ret == PAM_SUCCESS &&
>+		    (ctx->ctrl & WINBIND_PWD_CHANGE_PROMPT)) {
> 			if (change_pwd) {
> 				retval = _pam_winbind_change_pwd(ctx);
> 				if (retval) {
>diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h
>index c6786d65a4d..2f4a25729bd 100644
>--- a/nsswitch/pam_winbind.h
>+++ b/nsswitch/pam_winbind.h
>@@ -157,6 +157,7 @@ do {                             \
> #define WINBIND_WARN_PWD_EXPIRE		0x00002000
> #define WINBIND_MKHOMEDIR		0x00004000
> #define WINBIND_TRY_AUTHTOK_ARG		0x00008000
>+#define WINBIND_PWD_CHANGE_PROMPT	0x00010000
> 
> #if defined(HAVE_GETTEXT) && !defined(__LCLINT__)
> #define _(string) dgettext(MODULE_NAME, string)
>-- 
>2.35.1
>

Flags:

ab: review+
gd: review+

Actions: View

Attachments on bug 8691: 17143