Bug 149021

Summary:	passwd -e does not work anymore for local users with pam_winbind
Product:	[openSUSE] SUSE Linux 10.1	Reporter:	Stephan Kulow <coolo>
Component:	Basesystem	Assignee:	Guenther Deschner <gd>
Status:	RESOLVED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Major
Priority:	P5 - None	CC:	joe, kukuk, samba-maintainers
Version:	Beta 4
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:
Found By:	Other	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	let pam_winbind not only rely on getpwnam Updated Patch to better identify whether a user is a winbind user or not Fixed version of that patch Fixed version of that patch

Description Stephan Kulow 2006-02-08 10:46:08 UTC

how to reproduce: 
  * create local user 
  * passwd -e <username>
  * login with username
-> no expiration

Comment 1 Guenther Deschner 2006-02-08 13:14:24 UTC

Ok, pam_winbind should better not return PAM_SUCCESS in pam_sm_acct_mgmt when the existance of the user has just been verified using NSS calls.

The attached patch still has a quirk in the WINBINDD_LOOKUPNAME which will cause an additional delay when logging in, working on that right now.

Comment 2 Guenther Deschner 2006-02-08 13:15:06 UTC

Created attachment 66977 [details]
let pam_winbind not only rely on getpwnam

Comment 3 Guenther Deschner 2006-02-09 12:03:31 UTC

Created attachment 67208 [details]
Updated Patch to better identify whether a user is a winbind user or not

The new fix touches some essential codepaths and still must be thoroughly tested.

Comment 4 Jeremy Allison 2006-02-10 06:00:18 UTC

Yes, this will definately exercise winbindd to detect a winbindd-returned user. The only thing I hate is "parse_valid_domain_user" as well as 
parse_domain_user - can you make it really clear as to why this exists. As far as I can see this is the same except for the block :

+		if (!lp_winbind_use_default_domain() || 
+		    !lp_winbind_trusted_domains_only()) {
+			return False;
+		}

Any way you can make this common and select with a flag instead ?

Jeremy.

Comment 5 Guenther Deschner 2006-02-10 18:50:12 UTC

Created attachment 67689 [details]
Fixed version of that patch

Ok, I fixed that (while fixing parse_domain_user() directly).

If no one shouts, I commit that upstream and to autobuild.

Comment 6 Guenther Deschner 2006-02-10 18:50:16 UTC

Created attachment 67690 [details]
Fixed version of that patch

Ok, I fixed that (while fixing parse_domain_user() directly).

If no one shouts, I commit that upstream and to autobuild.

Comment 7 Guenther Deschner 2006-02-13 15:16:06 UTC

Fixed upstream

Comment 8 Guenther Deschner 2006-02-13 17:51:06 UTC

This is in autobuild right now. Closing this bug.