svn commit: samba r20254 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_24/source/nsswitch
gd at samba.org
gd at samba.org
Tue Dec 19 17:35:48 GMT 2006
Author: gd
Date: 2006-12-19 17:35:47 +0000 (Tue, 19 Dec 2006)
New Revision: 20254
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20254
Log:
The pam_chauthtok needs to go through the async interface as well.
This fixes pam password changes in the online case.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c
branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-19 17:35:47 UTC (rev 20254)
@@ -355,6 +355,7 @@
{ WINBINDD_PAM_AUTH_CRAP, winbindd_dual_pam_auth_crap, "AUTH_CRAP" },
{ WINBINDD_PAM_LOGOFF, winbindd_dual_pam_logoff, "PAM_LOGOFF" },
{ WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" },
+ { WINBINDD_PAM_CHAUTHTOK, winbindd_dual_pam_chauthtok, "PAM_CHAUTHTOK" },
{ WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct, "CHECK_MACHACC" },
{ WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID" },
{ WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID" },
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-12-19 17:35:47 UTC (rev 20254)
@@ -1793,16 +1793,8 @@
void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
{
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- char *oldpass;
- char *newpass = NULL;
fstring domain, user;
- POLICY_HND dom_pol;
struct winbindd_domain *contact_domain;
- struct rpc_pipe_client *cli;
- BOOL got_info = False;
- SAM_UNK_INFO_1 info;
- SAMR_CHANGE_REJECT reject;
DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
state->request.data.chauthtok.user));
@@ -1822,9 +1814,33 @@
contact_domain = find_domain_from_name(domain);
if (!contact_domain) {
+ set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n",
state->request.data.chauthtok.user, domain, user, domain));
- result = NT_STATUS_NO_SUCH_USER;
+ request_error(state);
+ return;
+ }
+
+ sendto_domain(state, contact_domain);
+}
+
+enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
+ struct winbindd_cli_state *state)
+{
+ char *oldpass;
+ char *newpass = NULL;
+ POLICY_HND dom_pol;
+ struct rpc_pipe_client *cli;
+ BOOL got_info = False;
+ SAM_UNK_INFO_1 info;
+ SAMR_CHANGE_REJECT reject;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ fstring domain, user;
+
+ DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid,
+ state->request.data.auth.user));
+
+ if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) {
goto done;
}
@@ -1931,11 +1947,7 @@
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
- if (NT_STATUS_IS_OK(result)) {
- request_ok(state);
- } else {
- request_error(state);
- }
+ return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
void winbindd_pam_logoff(struct winbindd_cli_state *state)
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-19 17:35:47 UTC (rev 20254)
@@ -355,6 +355,7 @@
{ WINBINDD_PAM_AUTH_CRAP, winbindd_dual_pam_auth_crap, "AUTH_CRAP" },
{ WINBINDD_PAM_LOGOFF, winbindd_dual_pam_logoff, "PAM_LOGOFF" },
{ WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" },
+ { WINBINDD_PAM_CHAUTHTOK, winbindd_dual_pam_chauthtok, "PAM_CHAUTHTOK" },
{ WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct, "CHECK_MACHACC" },
{ WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID" },
{ WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID" },
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c 2006-12-19 16:36:54 UTC (rev 20253)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c 2006-12-19 17:35:47 UTC (rev 20254)
@@ -1793,16 +1793,8 @@
void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
{
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- char *oldpass;
- char *newpass = NULL;
fstring domain, user;
- POLICY_HND dom_pol;
struct winbindd_domain *contact_domain;
- struct rpc_pipe_client *cli;
- BOOL got_info = False;
- SAM_UNK_INFO_1 info;
- SAMR_CHANGE_REJECT reject;
DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
state->request.data.chauthtok.user));
@@ -1822,9 +1814,33 @@
contact_domain = find_domain_from_name(domain);
if (!contact_domain) {
+ set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n",
state->request.data.chauthtok.user, domain, user, domain));
- result = NT_STATUS_NO_SUCH_USER;
+ request_error(state);
+ return;
+ }
+
+ sendto_domain(state, contact_domain);
+}
+
+enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
+ struct winbindd_cli_state *state)
+{
+ char *oldpass;
+ char *newpass = NULL;
+ POLICY_HND dom_pol;
+ struct rpc_pipe_client *cli;
+ BOOL got_info = False;
+ SAM_UNK_INFO_1 info;
+ SAMR_CHANGE_REJECT reject;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ fstring domain, user;
+
+ DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid,
+ state->request.data.auth.user));
+
+ if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) {
goto done;
}
@@ -1931,11 +1947,7 @@
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
- if (NT_STATUS_IS_OK(result)) {
- request_ok(state);
- } else {
- request_error(state);
- }
+ return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
void winbindd_pam_logoff(struct winbindd_cli_state *state)
More information about the samba-cvs
mailing list