[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-748-g6d765e0
Günther Deschner
gd at samba.org
Thu Dec 20 01:08:05 GMT 2007
The branch, v3-2-test has been updated
via 6d765e0de523211a2d0b43a2c4c4117f5f0c662f (commit)
from b5f600fab53c9d159a958c59795db3ba4a8acc63 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f
Author: Michael Adam <obnox at samba.org>
Date: Wed Dec 19 17:53:14 2007 +0100
Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY is set.
This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
-----------------------------------------------------------------------
Summary of changes:
source/nsswitch/pam_winbind.c | 1 +
source/nsswitch/winbind_struct_protocol.h | 2 +-
source/winbindd/winbindd_pam.c | 15 +++++++++------
3 files changed, 11 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index f00db39..4d01907 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -1201,6 +1201,7 @@ static int winbind_auth_request(pam_handle_t * pamh,
request.data.auth.uid = -1;
request.flags = WBFLAG_PAM_INFO3_TEXT |
+ WBFLAG_PAM_GET_PWD_POLICY |
WBFLAG_PAM_CONTACT_TRUSTDOM;
if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
diff --git a/source/nsswitch/winbind_struct_protocol.h b/source/nsswitch/winbind_struct_protocol.h
index 5b663c6..12ca1e5 100644
--- a/source/nsswitch/winbind_struct_protocol.h
+++ b/source/nsswitch/winbind_struct_protocol.h
@@ -194,7 +194,7 @@ typedef struct winbindd_gr {
#define WBFLAG_PAM_KRB5 0x00001000
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 /* not used */
+#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
/* generic request flags */
#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c
index 5133239..7a9014a 100644
--- a/source/winbindd/winbindd_pam.c
+++ b/source/winbindd/winbindd_pam.c
@@ -1593,13 +1593,16 @@ process_result:
}
}
- result = fillup_password_policy(domain, state);
- if (!NT_STATUS_IS_OK(result)
- && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
- {
- DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
- goto done;
+ if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
+ result = fillup_password_policy(domain, state);
+
+ if (!NT_STATUS_IS_OK(result)
+ && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
+ {
+ DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+ goto done;
+ }
}
result = NT_STATUS_OK;
--
Samba Shared Repository
More information about the samba-cvs
mailing list