The Samba-Bugzilla – Attachment 972 Details for
Bug 1524
[patch] pam_winbind sends PAM_NEW_AUTHTOK_REQD at wrong time
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to fix winbind bug
samba_winbind_mtech.patch (text/plain), 2.53 KB, created by
Scott Barker
on 2005-02-17 15:28:04 UTC
(
hide
)
Description:
Patch to fix winbind bug
Filename:
MIME Type:
Creator:
Scott Barker
Created:
2005-02-17 15:28:04 UTC
Size:
2.53 KB
patch
obsolete
>--- samba/source/nsswitch/pam_winbind.c Sun Apr 4 00:37:18 2004 >+++ samba.mtech/source/nsswitch/pam_winbind.c Tue Jul 13 10:30:41 2004 >@@ -420,6 +420,7 @@ > const char *username; > const char *password; > int retval = PAM_AUTH_ERR; >+ static char buf[256] = {0}; > > /* parse arguments */ > int ctrl = _pam_parse(argc, argv); >@@ -454,7 +455,23 @@ > } > > /* Now use the username to look up password */ >- return winbind_auth_request(username, password, ctrl); >+ retval = winbind_auth_request(username, password, ctrl); >+ >+ sprintf(buf, "%d", retval); >+ if(pam_set_data(pamh, "winbind_auth_retval", buf, NULL) != PAM_SUCCESS) { >+ _pam_log(LOG_WARNING, "pam_sm_authenticate return code %d cannot be saved for pam_sm_acct_mgmt", retval); >+ return PAM_BAD_ITEM; >+ } >+ switch (retval) { >+ case PAM_AUTHTOK_EXPIRED: >+ _pam_log(LOG_WARNING, "pam_sm_authenticate would return PAM_AUTHTOK_EXPIRED, returning PAM_SUCCESS instead"); >+ return PAM_SUCCESS; >+ case PAM_NEW_AUTHTOK_REQD: >+ _pam_log(LOG_WARNING, "pam_sm_authenticate would return PAM_NEW_AUTHTOK_REQD, returning PAM_SUCCESS instead"); >+ return PAM_SUCCESS; >+ default: >+ return retval; >+ } > } > > PAM_EXTERN >@@ -474,6 +491,7 @@ > { > const char *username; > int retval = PAM_USER_UNKNOWN; >+ char *ptr = NULL; > > /* parse arguments */ > int ctrl = _pam_parse(argc, argv); >@@ -503,7 +521,7 @@ > case 0: > /* Otherwise, the authentication looked good */ > _pam_log(LOG_NOTICE, "user '%s' granted acces", username); >- return PAM_SUCCESS; >+ break; > default: > /* we don't know anything about this return value */ > _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'", >@@ -511,6 +529,23 @@ > return PAM_SERVICE_ERR; > } > >+ if( pam_get_data(pamh, "winbind_auth_retval", (const void **)&ptr) != PAM_SUCCESS ) { >+ _pam_log(LOG_WARNING, "pam_sm_acct_mgmt cannot retrieve pam_sm_authenticate return value"); >+ return retval; >+ } >+ >+ retval = atoi( ptr ); >+ switch (retval) { >+ case PAM_AUTHTOK_EXPIRED: >+ _pam_log(LOG_WARNING, "pam_sm_acct_mgmt would return PAM_AUTHTOK_EXPIRED"); >+ /* fall through, since new token is required in this case */ >+ case PAM_NEW_AUTHTOK_REQD: >+ _pam_log(LOG_WARNING, "pam_sm_acct_mgmt returning PAM_NEW_AUTHTOK_REQD"); >+ return retval; >+ default: >+ return PAM_SUCCESS; >+ } >+ > /* should not be reached */ > return PAM_IGNORE; > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1524
: 972 |
1436