svn commit: samba r18158 - in branches/SAMBA_3_0/source/nsswitch: .
gd at samba.org
gd at samba.org
Wed Sep 6 10:59:39 GMT 2006
Author: gd
Date: 2006-09-06 10:59:39 +0000 (Wed, 06 Sep 2006)
New Revision: 18158
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18158
Log:
Stop winbindd from accumulating memory creds infinitely when doing
pam offline logons.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c 2006-09-06 10:50:52 UTC (rev 18157)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c 2006-09-06 10:59:39 UTC (rev 18158)
@@ -1152,15 +1152,15 @@
ccname = pam_getenv(pamh, "KRB5CCNAME");
if (ccname == NULL) {
_pam_log_debug(ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment");
- retval = PAM_SUCCESS;
- goto out;
}
strncpy(request.data.logoff.user, user,
sizeof(request.data.logoff.user) - 1);
- strncpy(request.data.logoff.krb5ccname, ccname,
- sizeof(request.data.logoff.krb5ccname) - 1);
+ if (ccname) {
+ strncpy(request.data.logoff.krb5ccname, ccname,
+ sizeof(request.data.logoff.krb5ccname) - 1);
+ }
pwd = getpwnam(user);
if (pwd == NULL) {
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-09-06 10:50:52 UTC (rev 18157)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-09-06 10:59:39 UTC (rev 18158)
@@ -1865,22 +1865,26 @@
state->request.data.logoff.krb5ccname
[sizeof(state->request.data.logoff.krb5ccname)-1]='\0';
- parse_domain_user(state->request.data.logoff.user, name_domain, user);
+ if (!parse_domain_user(state->request.data.logoff.user, name_domain, user)) {
+ goto failed;
+ }
- domain = find_auth_domain(state, name_domain);
-
- if (domain == NULL) {
- set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
- DEBUG(5, ("Pam Logoff for %s returned %s "
- "(PAM: %d)\n",
- state->request.data.auth.user,
- state->response.data.auth.nt_status_string,
- state->response.data.auth.pam_error));
- request_error(state);
- return;
+ if ((domain = find_auth_domain(state, name_domain)) == NULL) {
+ goto failed;
}
sendto_domain(state, domain);
+ return;
+
+ failed:
+ set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
+ DEBUG(5, ("Pam Logoff for %s returned %s "
+ "(PAM: %d)\n",
+ state->request.data.auth.user,
+ state->response.data.auth.nt_status_string,
+ state->response.data.auth.pam_error));
+ request_error(state);
+ return;
}
enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
@@ -1899,6 +1903,11 @@
goto process_result;
}
+ if (state->request.data.logoff.krb5ccname[0] == '\0') {
+ result = NT_STATUS_OK;
+ goto process_result;
+ }
+
#ifdef HAVE_KRB5
if (state->request.data.logoff.uid < 0) {
More information about the samba-cvs
mailing list