svn commit: samba r21612 - in branches/SAMBA_3_0/source/nsswitch: .

Thu Mar 1 03:10:30 GMT 2007

Author: jerry
Date: 2007-03-01 03:10:29 +0000 (Thu, 01 Mar 2007)
New Revision: 21612

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21612

Log:
Make pam_winbind do the same username fixup on AIX as the WINBINDD 
LAM module does to work around a system that does not support
>8 character usernames.  Without the change, pam_winbind tries
to authenticate _#uid in the domain.



Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2007-03-01 03:07:57 UTC (rev 21611)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2007-03-01 03:10:29 UTC (rev 21612)
@@ -1517,6 +1517,8 @@
 	dictionary *d = NULL;
 	char *username_ret = NULL;
 	char *new_authtok_required = NULL;
+	char *combined_member = NULL;
+	const char *real_username = NULL;
 
 	/* parse arguments */
 	int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
@@ -1535,6 +1537,30 @@
 		goto out;
 	}
 
+#if defined(AIX)
+	/* Decode the user name since AIX does not support logn user
+	   names by default.  The name is encoded as _#uid.  */
+
+	if ( username[0] == '_' ) {
+		uid_t id = atoi( &username[1] );
+		struct passwd *pw = NULL;		
+
+		if ( (id!=0) && ((pw = getpwuid( id )) != NULL) ) {
+			real_username = strdup( pw->pw_name );
+		}
+	}
+#endif
+
+	if ( !real_username ) {
+		/* Just making a copy of the username we got from PAM */
+		if ( (real_username = strdup( username )) == NULL ) {
+			_pam_log_debug(pamh, ctrl, LOG_DEBUG, 
+				       "memory allocation failure when copying username");
+			retval = PAM_SERVICE_ERR;
+			goto out;
+		}
+	}	
+
 	retval = _winbind_read_password(pamh, ctrl, NULL, 
 					"Password: ", NULL,
 					&password);
@@ -1549,9 +1575,9 @@
 
 #ifdef DEBUG_PASSWORD
 	_pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s' with password '%s'", 
-		       username, password);
+		       real_username, password);
 #else
-	_pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", username);
+	_pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", real_username);
 #endif
 
 	member = get_member_from_config(pamh, argc, argv, ctrl, d);
@@ -1594,6 +1620,10 @@
 		free(username_ret);
 	}
 
+	if ( real_username ) {		
+		free( real_username );
+	}	
+			
 	if (d) {
 		iniparser_freedict(d);
 	}

