svn commit: samba r13010 - in trunk/source/nsswitch: .

Wed Jan 18 17:46:58 GMT 2006

Author: gd
Date: 2006-01-18 17:46:56 +0000 (Wed, 18 Jan 2006)
New Revision: 13010

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13010

Log:
Add non-returning macro to handle status code translations for the PAM
conversations.

Guenther

Modified:
   trunk/source/nsswitch/pam_winbind.c
   trunk/source/nsswitch/pam_winbind.h


Changeset:
Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================

--- trunk/source/nsswitch/pam_winbind.c	2006-01-18 17:28:25 UTC (rev 13009)
+++ trunk/source/nsswitch/pam_winbind.c	2006-01-18 17:46:56 UTC (rev 13010)
@@ -400,16 +400,16 @@
 	}
 
 	if (ret) {
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PASSWORD_EXPIRED");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PASSWORD_MUST_CHANGE");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_WORKSTATION");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_LOGON_HOURS");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_EXPIRED");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_DISABLED");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_LOCKED_OUT");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT");
-		PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PASSWORD_EXPIRED");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PASSWORD_MUST_CHANGE");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_INVALID_WORKSTATION");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_INVALID_LOGON_HOURS");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_EXPIRED");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_DISABLED");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_LOCKED_OUT");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT");
+		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT");
 	}
 
 	/* handle the case where the auth was ok, but the password must expire right now */
@@ -425,7 +425,7 @@
 			       response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire,
 			       time(NULL));
 
-		PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PASSWORD_EXPIRED");
+		PAM_WB_REMARK_DIRECT_RET(pamh, "NT_STATUS_PASSWORD_EXPIRED");
 
 	}
 
@@ -500,17 +500,17 @@
 		return ret;
 	}
 
-	PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_BACKUP_CONTROLLER");
-	PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCESS_DENIED");
+	PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_BACKUP_CONTROLLER");
+	PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCESS_DENIED");
 
 	/* TODO: tell the min pwd length ? */
-	PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_TOO_SHORT");
+	PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_TOO_SHORT");
 
 	/* TODO: tell the minage ? */
-	PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_TOO_RECENT");
+	PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_TOO_RECENT");
 
 	/* TODO: tell the history length ? */
-	PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_HISTORY_CONFLICT");
+	PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_HISTORY_CONFLICT");
 
 	if (strequal(response.data.auth.nt_status_string, "NT_STATUS_PASSWORD_RESTRICTION")) {
 
@@ -525,7 +525,7 @@
 				PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_HISTORY_CONFLICT");
 				break;
 			case REJECT_REASON_NOT_COMPLEX:
-				_make_remark_format(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
+				_make_remark(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
 				break;
 			default:
 				_pam_log_debug(ctrl, LOG_DEBUG,

Modified: trunk/source/nsswitch/pam_winbind.h
===================================================================
--- trunk/source/nsswitch/pam_winbind.h	2006-01-18 17:28:25 UTC (rev 13009)
+++ trunk/source/nsswitch/pam_winbind.h	2006-01-18 17:46:56 UTC (rev 13010)
@@ -114,13 +114,24 @@
 	error_string = _get_ntstatus_error_string(x);\
 	if (error_string != NULL) {\
 		_make_remark(h, PAM_ERROR_MSG, error_string);\
+	} else {\
+		_make_remark(h, PAM_ERROR_MSG, x);\
+	};\
+};
+
+#define PAM_WB_REMARK_DIRECT_RET(h,x)\
+{\
+	const char *error_string = NULL; \
+	error_string = _get_ntstatus_error_string(x);\
+	if (error_string != NULL) {\
+		_make_remark(h, PAM_ERROR_MSG, error_string);\
 		return ret;\
 	};\
 	_make_remark(h, PAM_ERROR_MSG, x);\
 	return ret;\
 };
 	
-#define PAM_WB_REMARK_CHECK_RESPONSE(h,x,y)\
+#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,x,y)\
 {\
 	const char *ntstatus = x.data.auth.nt_status_string; \
 	const char *error_string = NULL; \

