Attachment #66977 for bug #149021

View | Details | Raw Unified | Return to bug 149021
Collapse All | Expand All




 *	 0  = OK
 * 	-1  = System error
 */
static int valid_user(const char *user, pam_handle_t *pamh, int ctrl)
{
	/* check not only if the user is available over NSS calls, also make
	 * sure it's really a winbind user, this is important when stacking PAM
	 * modules in the 'account' or 'password' facility. */

	struct winbindd_request request;
	struct winbindd_response response;
	struct passwd *pwd = NULL;
	int ret;

	ZERO_STRUCT(request);
	ZERO_STRUCT(response);

	pwd = getpwnam(user);
	if (pwd == NULL) {
		return 1;
	}

	fstrcpy(request.data.name.name, user);
	
	ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_LOOKUPNAME, &request, &response, user);
	switch (ret) {
		case PAM_USER_UNKNOWN:
			return 1;
		case PAM_SUCCESS:
			return 0;
		default:
			return -1;
	}
}

static char *_pam_delete(register char *xx)

	}

	/* Verify the username */
	retval = valid_user(username, pamh, ctrl);
	switch (retval) {
	case -1:
		/* some sort of system error. The log was already printed */


	if (flags & PAM_PRELIM_CHECK) {
		
		/* check if this is really a user in winbindd, not only in NSS */
		retval = valid_user(user, pamh, ctrl);
		switch (retval) {
			case 1:
				return PAM_USER_UNKNOWN;
			case -1:
				return PAM_SYSTEM_ERR;
			default:
				break;
		}
		
		/* instruct user what is happening */
#define greeting "Changing password for "
		fstrcpy(Announce, greeting);

Return to bug 149021

Lines 566-575 Link Here

(-)source/nsswitch/pam_winbind.c (-4 / +41 lines)
566	* 0 = OK	569	* 0 = OK
567	* -1 = System error	570	* -1 = System error
568	*/	571	*/
569	static int valid_user(const char *user)	572	static int valid_user(const char user, pam_handle_t pamh, int ctrl)
570	{	573	{
571	if (getpwnam(user)) return 0;	574	/* check not only if the user is available over NSS calls, also make
572	return 1;	575	* sure it's really a winbind user, this is important when stacking PAM
		576	* modules in the 'account' or 'password' facility. */
		577
		578	struct winbindd_request request;
		579	struct winbindd_response response;
		580	struct passwd *pwd = NULL;
		581	int ret;
		582
		583	ZERO_STRUCT(request);
		584	ZERO_STRUCT(response);
		585
		586	pwd = getpwnam(user);
		587	if (pwd == NULL) {
		588	return 1;
		589	}
		590
		591	fstrcpy(request.data.name.name, user);
		592
		593	ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_LOOKUPNAME, &request, &response, user);
		594	switch (ret) {
		595	case PAM_USER_UNKNOWN:
		596	return 1;
		597	case PAM_SUCCESS:
		598	return 0;
		599	default:
		600	return -1;
		601	}
573	}	602	}
574		603
575	static char _pam_delete(register char xx)	604	static char _pam_delete(register char xx)
Lines 897-903 Link Here
897	}	960	}
898		961
899	/* Verify the username */	962	/* Verify the username */
900	retval = valid_user(username);	963	retval = valid_user(username, pamh, ctrl);
901	switch (retval) {	964	switch (retval) {
902	case -1:	965	case -1:
903	/* some sort of system error. The log was already printed */	966	/* some sort of system error. The log was already printed */
Lines 1130-1135 Link Here
1130		1193
1131	if (flags & PAM_PRELIM_CHECK) {	1194	if (flags & PAM_PRELIM_CHECK) {
1132		1195
		1196	/* check if this is really a user in winbindd, not only in NSS */
		1197	retval = valid_user(user, pamh, ctrl);
		1198	switch (retval) {
		1199	case 1:
		1200	return PAM_USER_UNKNOWN;
		1201	case -1:
		1202	return PAM_SYSTEM_ERR;
		1203	default:
		1204	break;
		1205	}
		1206
1133	/* instruct user what is happening */	1207	/* instruct user what is happening */
1134	#define greeting "Changing password for "	1208	#define greeting "Changing password for "
1135	fstrcpy(Announce, greeting);	1209	fstrcpy(Announce, greeting);