The Samba-Bugzilla – Attachment 2100 Details for
Bug 3969
3.0.23a all AD accounts password expired
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix bad time comparison
pam_winbind.patch (text/plain), 5.85 KB, created by
Gerald (Jerry) Carter (dead mail address)
on 2006-08-22 17:49:22 UTC
(
hide
)
Description:
Fix bad time comparison
Filename:
MIME Type:
Creator:
Gerald (Jerry) Carter (dead mail address)
Created:
2006-08-22 17:49:22 UTC
Size:
5.85 KB
patch
obsolete
>Index: source/nsswitch/winbindd_nss.h >=================================================================== >--- source/nsswitch/winbindd_nss.h (revision 17720) >+++ source/nsswitch/winbindd_nss.h (working copy) >@@ -42,8 +42,8 @@ > between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2. > The easiest way to do this is to always use 8byte values for time_t. */ > >-#if defined(uint64) >-# define SMB_TIME_T uint64 >+#if defined(int64) >+# define SMB_TIME_T int64 > #else > # define SMB_TIME_T time_t > #endif >@@ -190,7 +190,7 @@ > #define WBFLAG_PAM_KRB5 0x1000 > #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 > #define WBFLAG_PAM_CACHED_LOGIN 0x4000 >-#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 >+#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */ > > #define WINBINDD_MAX_EXTRA_DATA (128*1024) > >Index: source/nsswitch/winbind_nss_config.h >=================================================================== >--- source/nsswitch/winbind_nss_config.h (revision 17720) >+++ source/nsswitch/winbind_nss_config.h (working copy) >@@ -24,12 +24,12 @@ > #ifndef _WINBIND_NSS_CONFIG_H > #define _WINBIND_NSS_CONFIG_H > >-/* shutup the compiler warnings due to krb5.h on i >- 64-bit sles9 */ >+/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */ > #ifdef SIZEOF_LONG > #undef SIZEOF_LONG > #endif > >+ > /* Include header files from data in config.h file */ > > #ifndef NO_CONFIG_H >@@ -137,7 +137,16 @@ > #endif /* don't lie. If we don't have it, then don't use it */ > #endif > >+#if !defined(int64) >+#if (SIZEOF_LONG == 8) >+#define int64 long >+#elif (SIZEOF_LONG_LONG == 8) >+#define int64 long long >+#endif /* don't lie. If we don't have it, then don't use it */ >+#endif > >+ >+ > /* zero a structure */ > #ifndef ZERO_STRUCT > #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) >Index: source/nsswitch/pam_winbind.c >=================================================================== >--- source/nsswitch/pam_winbind.c (revision 17720) >+++ source/nsswitch/pam_winbind.c (working copy) >@@ -348,7 +348,7 @@ > request.data.auth.krb5_cc_type[0] = '\0'; > request.data.auth.uid = -1; > >- request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY; >+ request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM; > > if (ctrl & WINBIND_KRB5_AUTH) { > >@@ -546,7 +546,7 @@ > } > > if (ctrl & WINBIND_KRB5_AUTH) { >- request.flags = WBFLAG_PAM_KRB5; >+ request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; > } > > ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user); >@@ -1132,7 +1132,7 @@ > } > request.data.logoff.uid = pwd->pw_uid; > >- request.flags = WBFLAG_PAM_KRB5; >+ request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; > > retval = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user); > } >@@ -1373,7 +1373,7 @@ > * Copyright (c) Tim Potter <tpot@samba.org> 2000 > * Copyright (c) Andrew Bartlettt <abartlet@samba.org> 2002 > * Copyright (c) Guenther Deschner <gd@samba.org> 2005-2006 >- * Copyright (c) Jan Rêkorajski 1999. >+ * Copyright (c) Jan Rêkorajski 1999. > * Copyright (c) Andrew G. Morgan 1996-8. > * Copyright (c) Alex O. Yuriev, 1996. > * Copyright (c) Cristian Gafton 1996. >Index: source/nsswitch/winbindd_pam.c >=================================================================== >--- source/nsswitch/winbindd_pam.c (revision 17720) >+++ source/nsswitch/winbindd_pam.c (working copy) >@@ -6,7 +6,7 @@ > Copyright (C) Andrew Tridgell 2000 > Copyright (C) Tim Potter 2001 > Copyright (C) Andrew Bartlett 2001-2002 >- Copyright (C) Guenther Deschner 2005-2006 >+ Copyright (C) Guenther Deschner 2005 > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by >@@ -222,44 +222,18 @@ > return NULL; > } > >- if (strequal(domain_name, lp_workgroup())) { >- return find_our_domain(); >- } >- >-#ifdef HAVE_ADS >- >- /* when trying to login using krb5 with a trusted domain account, we >- * need to make sure that our and the remote domain are AD */ >- >- if ((state->request.flags & WBFLAG_PAM_KRB5) && >- (lp_security() == SEC_ADS)) { >- >- struct winbindd_domain *our_domain = find_our_domain(); >- >- if (!our_domain->active_directory) { >- DEBUG(3,("find_auth_domain: out domain is not AD\n")); >- return NULL; >- } >- >- if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) { >- return NULL; >- } >- >- /* do we already know it's AD ? */ >- if (domain->active_directory) { >+ /* we can auth against trusted domains */ >+ if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) { >+ domain = find_domain_from_name_noinit(domain_name); >+ if (domain == NULL) { >+ DEBUG(3, ("Authentication for domain [%s] skipped " >+ "as it is not a trusted domain\n", >+ domain_name)); >+ } else { > return domain; > } >- >- set_dc_type_and_flags(domain); >- >- if (!domain->active_directory) { >- DEBUG(3,("find_auth_domain: remote domain is not AD\n")); >- return NULL; > } > >- return domain; >- } >-#endif > return find_our_domain(); > } > >@@ -1286,15 +1260,12 @@ > > } > >- /* this is required to provide password expiry warning */ >- if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { > result = fillup_password_policy(domain, state); > > if (!NT_STATUS_IS_OK(result)) { > DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); > goto done; > } >- } > > } > >Index: source/include/includes.h >=================================================================== >--- source/include/includes.h (revision 17720) >+++ source/include/includes.h (working copy) >@@ -667,7 +667,15 @@ > #endif /* don't lie. If we don't have it, then don't use it */ > #endif > >+#if !defined(int64) >+#if (SIZEOF_LONG == 8) >+#define int64 long >+#elif (SIZEOF_LONG_LONG == 8) >+#define int64 long long >+#endif /* don't lie. If we don't have it, then don't use it */ >+#endif > >+ > /* > * Types for devices, inodes and offsets. > */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2100">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3969
:
2088
| 2100