The Samba-Bugzilla – Attachment 4864 Details for
Bug 6826
When require-membership-of contains invalid groups, login for all users failed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for v3-3-test
pam_winbind-require-membership-v3-3-test.mbox (text/plain), 2.01 KB, created by
Bo Yang
on 2009-10-19 00:19:23 UTC
(
hide
)
Description:
patch for v3-3-test
Filename:
MIME Type:
Creator:
Bo Yang
Created:
2009-10-19 00:19:23 UTC
Size:
2.01 KB
patch
obsolete
>From 5856338613375e2c188df74c3b9a5f0cd42c2478 Mon Sep 17 00:00:00 2001 >From: Bo Yang <boyang@samba.org> >Date: Tue, 20 Oct 2009 02:23:36 +0800 >Subject: [PATCH] s3: Don't fail authentication when one or some group of require-membership-of is invalid. > >Signed-off-by: Bo Yang <boyang@samba.org> >--- > source/nsswitch/pam_winbind.c | 25 +++++++++++++++++++++++-- > 1 files changed, 23 insertions(+), 2 deletions(-) > >diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c >index 0dcd084..3d0c5ef 100644 >--- a/source/nsswitch/pam_winbind.c >+++ b/source/nsswitch/pam_winbind.c >@@ -1053,7 +1053,23 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx, > current_name, > sid_list_buffer, > sid_list_buffer_size)) { >- goto out; >+ /* >+ * If one group name failed, we must not fail >+ * the authentication totally, continue with >+ * the following group names. If user belongs to >+ * one of the valid groups, we must allow it >+ * login. -- BoYang >+ */ >+ >+ _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, " >+ "check if group %s is valid group.", current_name, >+ current_name); >+ _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s " >+ "to sid, please contact your administrator to see " >+ "if group %s is valid."), current_name, current_name); >+ SAFE_FREE(current_name); >+ search_location = comma + 1; >+ continue; > } > > SAFE_FREE(current_name); >@@ -1069,7 +1085,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx, > if (!winbind_name_to_sid_string(ctx, user, search_location, > sid_list_buffer, > sid_list_buffer_size)) { >- goto out; >+ _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, " >+ "check if group %s is valid group.", search_location, >+ search_location); >+ _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s " >+ "to sid, please contact your administrator to see " >+ "if group %s is valid."), search_location, search_location); > } > > result = true; >-- >1.5.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6826
: 4864 |
4865