svn commit: samba r18158 - in branches/SAMBA_3_0/source/nsswitch: .

Wed Sep 6 10:59:39 GMT 2006

Author: gd
Date: 2006-09-06 10:59:39 +0000 (Wed, 06 Sep 2006)
New Revision: 18158

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18158

Log:
Stop winbindd from accumulating memory creds infinitely when doing
pam offline logons.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-09-06 10:50:52 UTC (rev 18157)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-09-06 10:59:39 UTC (rev 18158)
@@ -1152,15 +1152,15 @@
 		ccname = pam_getenv(pamh, "KRB5CCNAME");
 		if (ccname == NULL) {
 			_pam_log_debug(ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment");
-			retval = PAM_SUCCESS;
-			goto out;
 		}
 
 		strncpy(request.data.logoff.user, user,
 			sizeof(request.data.logoff.user) - 1);
 
-		strncpy(request.data.logoff.krb5ccname, ccname,
-			sizeof(request.data.logoff.krb5ccname) - 1);
+		if (ccname) {
+			strncpy(request.data.logoff.krb5ccname, ccname,
+				sizeof(request.data.logoff.krb5ccname) - 1);
+		}
 
 		pwd = getpwnam(user);
 		if (pwd == NULL) {

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-09-06 10:50:52 UTC (rev 18157)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-09-06 10:59:39 UTC (rev 18158)
@@ -1865,22 +1865,26 @@
 	state->request.data.logoff.krb5ccname
 		[sizeof(state->request.data.logoff.krb5ccname)-1]='\0';
 
-	parse_domain_user(state->request.data.logoff.user, name_domain, user);
+	if (!parse_domain_user(state->request.data.logoff.user, name_domain, user)) {
+		goto failed;
+	}
 
-	domain = find_auth_domain(state, name_domain);
-
-	if (domain == NULL) {
-		set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
-		DEBUG(5, ("Pam Logoff for %s returned %s "
-			  "(PAM: %d)\n",
-			  state->request.data.auth.user, 
-			  state->response.data.auth.nt_status_string,
-			  state->response.data.auth.pam_error));
-		request_error(state);
-		return;
+	if ((domain = find_auth_domain(state, name_domain)) == NULL) {
+		goto failed;
 	}
 
 	sendto_domain(state, domain);
+	return;
+
+ failed:
+	set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
+	DEBUG(5, ("Pam Logoff for %s returned %s "
+		  "(PAM: %d)\n",
+		  state->request.data.auth.user, 
+		  state->response.data.auth.nt_status_string,
+		  state->response.data.auth.pam_error));
+	request_error(state);
+	return;
 }
 
 enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
@@ -1899,6 +1903,11 @@
 		goto process_result;
 	}
 
+	if (state->request.data.logoff.krb5ccname[0] == '\0') {
+		result = NT_STATUS_OK;
+		goto process_result;
+	}
+
 #ifdef HAVE_KRB5
 	
 	if (state->request.data.logoff.uid < 0) {

