svn commit: samba r20254 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch

gd at samba.org gd at samba.org
Tue Dec 19 17:35:48 GMT 2006 

Author: gd
Date: 2006-12-19 17:35:47 +0000 (Tue, 19 Dec 2006)
New Revision: 20254

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20254

Log:
The pam_chauthtok needs to go through the async interface as well. 
This fixes pam password changes in the online case.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c
   branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c	2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c	2006-12-19 17:35:47 UTC (rev 20254)
@@ -355,6 +355,7 @@
 	{ WINBINDD_PAM_AUTH_CRAP,        winbindd_dual_pam_auth_crap,         "AUTH_CRAP" },
 	{ WINBINDD_PAM_LOGOFF,           winbindd_dual_pam_logoff,            "PAM_LOGOFF" },
 	{ WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" },
+	{ WINBINDD_PAM_CHAUTHTOK,        winbindd_dual_pam_chauthtok,         "PAM_CHAUTHTOK" },
 	{ WINBINDD_CHECK_MACHACC,        winbindd_dual_check_machine_acct,    "CHECK_MACHACC" },
 	{ WINBINDD_DUAL_SID2UID,         winbindd_dual_sid2uid,               "DUAL_SID2UID" },
 	{ WINBINDD_DUAL_SID2GID,         winbindd_dual_sid2gid,               "DUAL_SID2GID" },

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-12-19 17:35:47 UTC (rev 20254)
@@ -1793,16 +1793,8 @@
 
 void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
 {
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	char *oldpass;
-	char *newpass = NULL;
 	fstring domain, user;
-	POLICY_HND dom_pol;
 	struct winbindd_domain *contact_domain;
-	struct rpc_pipe_client *cli;
-	BOOL got_info = False;
-	SAM_UNK_INFO_1 info;
-	SAMR_CHANGE_REJECT reject;
 
 	DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
 		state->request.data.chauthtok.user));
@@ -1822,9 +1814,33 @@
 
 	contact_domain = find_domain_from_name(domain);
 	if (!contact_domain) {
+		set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
 		DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", 
 			  state->request.data.chauthtok.user, domain, user, domain)); 
-		result = NT_STATUS_NO_SUCH_USER;
+		request_error(state);
+		return;
+	}
+
+	sendto_domain(state, contact_domain);
+}
+
+enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
+						 struct winbindd_cli_state *state)
+{
+	char *oldpass;
+	char *newpass = NULL;
+	POLICY_HND dom_pol;
+	struct rpc_pipe_client *cli;
+	BOOL got_info = False;
+	SAM_UNK_INFO_1 info;
+	SAMR_CHANGE_REJECT reject;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	fstring domain, user;
+
+	DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid,
+		  state->request.data.auth.user));
+
+	if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) {
 		goto done;
 	}
 
@@ -1931,11 +1947,7 @@
 	       state->response.data.auth.nt_status_string,
 	       state->response.data.auth.pam_error));	      
 
-	if (NT_STATUS_IS_OK(result)) {
-		request_ok(state);
-	} else {
-		request_error(state);
-	}
+	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
 }
 
 void winbindd_pam_logoff(struct winbindd_cli_state *state)

Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c	2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c	2006-12-19 17:35:47 UTC (rev 20254)
@@ -355,6 +355,7 @@
 	{ WINBINDD_PAM_AUTH_CRAP,        winbindd_dual_pam_auth_crap,         "AUTH_CRAP" },
 	{ WINBINDD_PAM_LOGOFF,           winbindd_dual_pam_logoff,            "PAM_LOGOFF" },
 	{ WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" },
+	{ WINBINDD_PAM_CHAUTHTOK,        winbindd_dual_pam_chauthtok,         "PAM_CHAUTHTOK" },
 	{ WINBINDD_CHECK_MACHACC,        winbindd_dual_check_machine_acct,    "CHECK_MACHACC" },
 	{ WINBINDD_DUAL_SID2UID,         winbindd_dual_sid2uid,               "DUAL_SID2UID" },
 	{ WINBINDD_DUAL_SID2GID,         winbindd_dual_sid2gid,               "DUAL_SID2GID" },

Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c	2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c	2006-12-19 17:35:47 UTC (rev 20254)
@@ -1793,16 +1793,8 @@
 
 void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
 {
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	char *oldpass;
-	char *newpass = NULL;
 	fstring domain, user;
-	POLICY_HND dom_pol;
 	struct winbindd_domain *contact_domain;
-	struct rpc_pipe_client *cli;
-	BOOL got_info = False;
-	SAM_UNK_INFO_1 info;
-	SAMR_CHANGE_REJECT reject;
 
 	DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
 		state->request.data.chauthtok.user));
@@ -1822,9 +1814,33 @@
 
 	contact_domain = find_domain_from_name(domain);
 	if (!contact_domain) {
+		set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
 		DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", 
 			  state->request.data.chauthtok.user, domain, user, domain)); 
-		result = NT_STATUS_NO_SUCH_USER;
+		request_error(state);
+		return;
+	}
+
+	sendto_domain(state, contact_domain);
+}
+
+enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
+						 struct winbindd_cli_state *state)
+{
+	char *oldpass;
+	char *newpass = NULL;
+	POLICY_HND dom_pol;
+	struct rpc_pipe_client *cli;
+	BOOL got_info = False;
+	SAM_UNK_INFO_1 info;
+	SAMR_CHANGE_REJECT reject;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	fstring domain, user;
+
+	DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid,
+		  state->request.data.auth.user));
+
+	if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) {
 		goto done;
 	}
 
@@ -1931,11 +1947,7 @@
 	       state->response.data.auth.nt_status_string,
 	       state->response.data.auth.pam_error));	      
 
-	if (NT_STATUS_IS_OK(result)) {
-		request_ok(state);
-	} else {
-		request_error(state);
-	}
+	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
 }
 
 void winbindd_pam_logoff(struct winbindd_cli_state *state)

More information about the samba-cvs mailing list