svn commit: samba r21161 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch

gd at samba.org gd at samba.org
Mon Feb 5 18:11:42 GMT 2007


Author: gd
Date: 2007-02-05 18:11:41 +0000 (Mon, 05 Feb 2007)
New Revision: 21161

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21161

Log:
Another fix for pam_winbind: Move the entire pwd expiry handling into
the PAM_SUCCESS block.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2007-02-05 18:04:28 UTC (rev 21160)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2007-02-05 18:11:41 UTC (rev 21161)
@@ -1091,23 +1091,23 @@
 		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
 	}
 
-	/* warn a user if the password is about to expire soon */
-	_pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
-	
-	if (already_expired == True) {
-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
-			       "(Password was last set: %d, the policy says "
-			       "it should expire here %d (now it's: %d)\n",
-			       response.data.auth.info3.pass_last_set_time, 
-			       response.data.auth.info3.pass_last_set_time +
-			       response.data.auth.policy.expire,
-			       time(NULL));
+	if (ret == PAM_SUCCESS) {
 
-		return PAM_AUTHTOK_EXPIRED;
-	}
+		/* warn a user if the password is about to expire soon */
+		_pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
 
-	if (ret == PAM_SUCCESS) {
+		if (already_expired == True) {
+			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
+				       "(Password was last set: %d, the policy says "
+				       "it should expire here %d (now it's: %d))\n",
+				       response.data.auth.info3.pass_last_set_time, 
+				       response.data.auth.info3.pass_last_set_time +
+				       response.data.auth.policy.expire,
+				       time(NULL));
 
+			return PAM_AUTHTOK_EXPIRED;
+		}
+
 		/* inform about logon type */
 		_pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs);
 
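Review bot: The `_pam_log_debug` call in the new `already_expired` branch passes `time(NULL)` (a `time_t`) and the two `response.data.auth` time values to `%d` conversions. Where `time_t` is wider than `int` that is a format/argument mismatch, which is undefined behaviour inside an authentication module. I would widen the conversions to `%lld` and cast each argument, e.g. `(long long)time(NULL)`; the declared types of `pass_last_set_time` and `policy.expire` are not visible here, so confirm them first. Casting each operand before the addition would also keep `pass_last_set_time + policy.expire` from wrapping if both turn out to be 32-bit. The same call appears in the SAMBA_3_0_25 hunk at -833, and the enclosing function starts and ends outside this hunk.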

Modified: branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c	2007-02-05 18:04:28 UTC (rev 21160)
+++ branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c	2007-02-05 18:11:41 UTC (rev 21161)
@@ -833,23 +833,23 @@
 		PAM_WB_REMARK_CHECK_RESPONSE_RET(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
 	}
 
-	/* warn a user if the password is about to expire soon */
-	_pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
+	if (ret == PAM_SUCCESS) {
 
-	if (already_expired == True) {
-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
-			       "(Password was last set: %d, the policy says "
-			       "it should expire here %d (now it's: %d)\n",
-			       response.data.auth.info3.pass_last_set_time, 
-			       response.data.auth.info3.pass_last_set_time +
-			       response.data.auth.policy.expire,
-			       time(NULL));
+		/* warn a user if the password is about to expire soon */
+		_pam_warn_password_expiry(pamh, ctrl, &response, &already_expired);
 
-		return PAM_AUTHTOK_EXPIRED;
-	}
-  
-	if (ret == PAM_SUCCESS) {
+		if (already_expired == True) {
+			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Password has expired "
+				       "(Password was last set: %d, the policy says "
+				       "it should expire here %d (now it's: %d))\n",
+				       response.data.auth.info3.pass_last_set_time, 
+				       response.data.auth.info3.pass_last_set_time +
+				       response.data.auth.policy.expire,
+				       time(NULL));
 
+			return PAM_AUTHTOK_EXPIRED;
+		}
+
 		/* inform about logon type */
 		_pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs);
 
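Review bot: The new `if (ret == PAM_SUCCESS) {` guard carries no comment explaining why the expiry handling now sits inside it, and that is the security-relevant part of the change. `PAM_AUTHTOK_EXPIRED` should only be returned after a successful authentication, presumably because the `response.data.auth` fields are not meaningful when the request failed. I would add above the guard `/* Only consult expiry data after a successful auth: a failed auth must never be reported as PAM_AUTHTOK_EXPIRED. */`. It is also worth checking, outside this hunk, that `already_expired` is initialised at its declaration, since it is read right after `_pam_warn_password_expiry` and whether that helper sets it on every path is not visible here. The same applies to the SAMBA_3_0 hunk at -1091.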
@@ -1796,9 +1796,9 @@
 	}
 
 	/* Deal with offline errors. */
- 	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_NO_LOGON_SERVERS");
- 	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND");
- 	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
+	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_NO_LOGON_SERVERS");
+	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND");
+	PAM_WB_REMARK_CHECK_RESPONSE(pamh, ctrl, response, "NT_STATUS_ACCESS_DENIED");
 
 	return ret;
 }


