svn commit: samba r14496 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

Thu Mar 16 23:54:07 GMT 2006

Author: gd
Date: 2006-03-16 23:54:05 +0000 (Thu, 16 Mar 2006)
New Revision: 14496

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14496

Log:
Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain password
policies when requested. 

No panic, the flags is uint32 so we are not running out of WBFLAG bits.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   trunk/source/nsswitch/pam_winbind.c
   trunk/source/nsswitch/winbindd_nss.h
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-03-16 22:54:07 UTC (rev 14495)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-03-16 23:54:05 UTC (rev 14496)
@@ -321,7 +321,7 @@
 	request.data.auth.krb5_cc_type[0] = '\0';
 	request.data.auth.uid = -1;
 	
-	request.flags = WBFLAG_PAM_INFO3_TEXT;
+	request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY;
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
 

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h	2006-03-16 22:54:07 UTC (rev 14495)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h	2006-03-16 23:54:05 UTC (rev 14496)
@@ -179,6 +179,7 @@
 #define WBFLAG_PAM_KRB5			0x1000
 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x2000
 #define WBFLAG_PAM_CACHED_LOGIN		0x4000
+#define WBFLAG_PAM_GET_PWD_POLICY	0x8000
 
 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
 

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-03-16 22:54:07 UTC (rev 14495)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-03-16 23:54:05 UTC (rev 14496)
@@ -1210,11 +1210,14 @@
 
 		}
 
-		result = fillup_password_policy(domain, state);
+		/* this is required to provide password expiry warning */ 
+		if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
+			result = fillup_password_policy(domain, state);
 
-		if (!NT_STATUS_IS_OK(result)) {
-			DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
-			goto done;
+			if (!NT_STATUS_IS_OK(result)) {
+				DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+				goto done;
+			}
 		}
 	
 	} 

Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c	2006-03-16 22:54:07 UTC (rev 14495)
+++ trunk/source/nsswitch/pam_winbind.c	2006-03-16 23:54:05 UTC (rev 14496)
@@ -321,7 +321,7 @@
 	request.data.auth.krb5_cc_type[0] = '\0';
 	request.data.auth.uid = -1;
 	
-	request.flags = WBFLAG_PAM_INFO3_TEXT;
+	request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY;
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
 

Modified: trunk/source/nsswitch/winbindd_nss.h
===================================================================
--- trunk/source/nsswitch/winbindd_nss.h	2006-03-16 22:54:07 UTC (rev 14495)
+++ trunk/source/nsswitch/winbindd_nss.h	2006-03-16 23:54:05 UTC (rev 14496)
@@ -179,6 +179,7 @@
 #define WBFLAG_PAM_KRB5			0x1000
 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x2000
 #define WBFLAG_PAM_CACHED_LOGIN		0x4000
+#define WBFLAG_PAM_GET_PWD_POLICY	0x8000
 
 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
 

Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c	2006-03-16 22:54:07 UTC (rev 14495)
+++ trunk/source/nsswitch/winbindd_pam.c	2006-03-16 23:54:05 UTC (rev 14496)
@@ -1210,11 +1210,14 @@
 
 		}
 
-		result = fillup_password_policy(domain, state);
+		/* this is required to provide password expiry warning */ 
+		if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
+			result = fillup_password_policy(domain, state);
 
-		if (!NT_STATUS_IS_OK(result)) {
-			DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
-			goto done;
+			if (!NT_STATUS_IS_OK(result)) {
+				DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+				goto done;
+			}
 		}
 	
 	} 

