The Samba-Bugzilla – Attachment 17143 Details for
Bug 8691
pam_winbind will not allow gdm login if password about to expire
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.16 and 4.15
0001-pam_winbind-add-new-pwd_change_prompt-option-default.patch (text/plain), 3.40 KB, created by
Andreas Schneider
on 2022-02-03 09:30:04 UTC
(
hide
)
Description:
patch for 4.16 and 4.15
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2022-02-03 09:30:04 UTC
Size:
3.40 KB
patch
obsolete
>From 513946aec6ddf4cb61d5d460e0478fd7ffd7be21 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 17 Nov 2021 09:56:09 +0100 >Subject: [PATCH] pam_winbind: add new pwd_change_prompt option (defaults to > off). > >This change disables the prompt for the change of an expired password by >default (using the PAM_RADIO_TYPE mechanism if present). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=8691 > >Guenther > >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 20c85cc1da8d8c7f1932fbdd92128bb6dafad472) >--- > docs-xml/manpages/pam_winbind.conf.5.xml | 7 +++++++ > nsswitch/pam_winbind.c | 12 ++++++++++-- > nsswitch/pam_winbind.h | 1 + > 3 files changed, 18 insertions(+), 2 deletions(-) > >diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml >index 0bc288f91a1..bae9298fc32 100644 >--- a/docs-xml/manpages/pam_winbind.conf.5.xml >+++ b/docs-xml/manpages/pam_winbind.conf.5.xml >@@ -194,6 +194,13 @@ > </para></listitem> > </varlistentry> > >+ <varlistentry> >+ <term>pwd_change_prompt = yes|no</term> >+ <listitem><para> >+ Generate prompt for changing an expired password. Defaults to "no". >+ </para></listitem> >+ </varlistentry> >+ > </variablelist> > > </para> >diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c >index 720a4b90d85..06098dd07d8 100644 >--- a/nsswitch/pam_winbind.c >+++ b/nsswitch/pam_winbind.c >@@ -479,6 +479,10 @@ static int _pam_parse(const pam_handle_t *pamh, > ctrl |= WINBIND_MKHOMEDIR; > } > >+ if (tiniparser_getboolean(d, "global:pwd_change_prompt", false)) { >+ ctrl |= WINBIND_PWD_CHANGE_PROMPT; >+ } >+ > config_from_pam: > /* step through arguments */ > for (i=argc,v=argv; i-- > 0; ++v) { >@@ -522,6 +526,8 @@ config_from_pam: > else if (!strncasecmp(*v, "warn_pwd_expire", > strlen("warn_pwd_expire"))) > ctrl |= WINBIND_WARN_PWD_EXPIRE; >+ else if (!strcasecmp(*v, "pwd_change_prompt")) >+ ctrl |= WINBIND_PWD_CHANGE_PROMPT; > else if (type != PAM_WINBIND_CLEANUP) { > __pam_log(pamh, ctrl, LOG_ERR, > "pam_parse: unknown option: %s", *v); >@@ -976,7 +982,8 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, > * successfully sent the warning message. > * Give the user a chance to change pwd. > */ >- if (ret == PAM_SUCCESS) { >+ if (ret == PAM_SUCCESS && >+ (ctx->ctrl & WINBIND_PWD_CHANGE_PROMPT)) { > if (change_pwd) { > retval = _pam_winbind_change_pwd(ctx); > if (retval) { >@@ -1006,7 +1013,8 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, > * successfully sent the warning message. > * Give the user a chance to change pwd. > */ >- if (ret == PAM_SUCCESS) { >+ if (ret == PAM_SUCCESS && >+ (ctx->ctrl & WINBIND_PWD_CHANGE_PROMPT)) { > if (change_pwd) { > retval = _pam_winbind_change_pwd(ctx); > if (retval) { >diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h >index c6786d65a4d..2f4a25729bd 100644 >--- a/nsswitch/pam_winbind.h >+++ b/nsswitch/pam_winbind.h >@@ -157,6 +157,7 @@ do { \ > #define WINBIND_WARN_PWD_EXPIRE 0x00002000 > #define WINBIND_MKHOMEDIR 0x00004000 > #define WINBIND_TRY_AUTHTOK_ARG 0x00008000 >+#define WINBIND_PWD_CHANGE_PROMPT 0x00010000 > > #if defined(HAVE_GETTEXT) && !defined(__LCLINT__) > #define _(string) dgettext(MODULE_NAME, string) >-- >2.35.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ab
:
review+
gd
:
review+
Actions:
View
Attachments on
bug 8691
: 17143