svn commit: samba r13010 - in trunk/source/nsswitch: .
gd at samba.org
gd at samba.org
Wed Jan 18 17:46:58 GMT 2006
Author: gd
Date: 2006-01-18 17:46:56 +0000 (Wed, 18 Jan 2006)
New Revision: 13010
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13010
Log:
Add non-returning macro to handle status code translations for the PAM
conversations.
Guenther
Modified:
trunk/source/nsswitch/pam_winbind.c
trunk/source/nsswitch/pam_winbind.h
Changeset:
Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c 2006-01-18 17:28:25 UTC (rev 13009)
+++ trunk/source/nsswitch/pam_winbind.c 2006-01-18 17:46:56 UTC (rev 13010)
@@ -400,16 +400,16 @@
}
if (ret) {
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PASSWORD_EXPIRED");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PASSWORD_MUST_CHANGE");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_WORKSTATION");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_LOGON_HOURS");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_EXPIRED");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_DISABLED");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_LOCKED_OUT");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PASSWORD_EXPIRED");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PASSWORD_MUST_CHANGE");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_INVALID_WORKSTATION");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_INVALID_LOGON_HOURS");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_EXPIRED");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_DISABLED");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCOUNT_LOCKED_OUT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT");
}
/* handle the case where the auth was ok, but the password must expire right now */
@@ -425,7 +425,7 @@
response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire,
time(NULL));
- PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PASSWORD_EXPIRED");
+ PAM_WB_REMARK_DIRECT_RET(pamh, "NT_STATUS_PASSWORD_EXPIRED");
}
@@ -500,17 +500,17 @@
return ret;
}
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_BACKUP_CONTROLLER");
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCESS_DENIED");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_BACKUP_CONTROLLER");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_ACCESS_DENIED");
/* TODO: tell the min pwd length ? */
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_TOO_SHORT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_TOO_SHORT");
/* TODO: tell the minage ? */
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_TOO_RECENT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_TOO_RECENT");
/* TODO: tell the history length ? */
- PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_PWD_HISTORY_CONFLICT");
+ PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, response, "NT_STATUS_PWD_HISTORY_CONFLICT");
if (strequal(response.data.auth.nt_status_string, "NT_STATUS_PASSWORD_RESTRICTION")) {
@@ -525,7 +525,7 @@
PAM_WB_REMARK_DIRECT(pamh, "NT_STATUS_PWD_HISTORY_CONFLICT");
break;
case REJECT_REASON_NOT_COMPLEX:
- _make_remark_format(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
+ _make_remark(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
break;
default:
_pam_log_debug(ctrl, LOG_DEBUG,
Modified: trunk/source/nsswitch/pam_winbind.h
===================================================================
--- trunk/source/nsswitch/pam_winbind.h 2006-01-18 17:28:25 UTC (rev 13009)
+++ trunk/source/nsswitch/pam_winbind.h 2006-01-18 17:46:56 UTC (rev 13010)
@@ -114,13 +114,24 @@
error_string = _get_ntstatus_error_string(x);\
if (error_string != NULL) {\
_make_remark(h, PAM_ERROR_MSG, error_string);\
+ } else {\
+ _make_remark(h, PAM_ERROR_MSG, x);\
+ };\
+};
+
+#define PAM_WB_REMARK_DIRECT_RET(h,x)\
+{\
+ const char *error_string = NULL; \
+ error_string = _get_ntstatus_error_string(x);\
+ if (error_string != NULL) {\
+ _make_remark(h, PAM_ERROR_MSG, error_string);\
return ret;\
};\
_make_remark(h, PAM_ERROR_MSG, x);\
return ret;\
};
-#define PAM_WB_REMARK_CHECK_RESPONSE(h,x,y)\
+#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,x,y)\
{\
const char *ntstatus = x.data.auth.nt_status_string; \
const char *error_string = NULL; \
More information about the samba-cvs
mailing list