[SCM] Samba Shared Repository - branch v3-devel updated -
release-3-2-0pre2-3765-ge861912
Günther Deschner
gd at samba.org
Tue Aug 19 20:03:34 GMT 2008
The branch, v3-devel has been updated
via e8619121d16d086f1ab186051d0ecdc83c02e5b5 (commit)
via ae35a5110ea03d8ff27f320cdc685e5623715a2a (commit)
via dbfa7ba14c9f1a4d7a1e7205dd0b3ea2fc2e6131 (commit)
from f2a2ed315e393353110aa7760b4eca4f1f49ca21 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel
- Log -----------------------------------------------------------------
commit e8619121d16d086f1ab186051d0ecdc83c02e5b5
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 18:03:13 2008 +0200
winbindd: consistently use false/true.
Guenther
commit ae35a5110ea03d8ff27f320cdc685e5623715a2a
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 18:31:35 2008 +0200
winbindd: use set_auth_errors (avoid code duplication).
Guenther
commit dbfa7ba14c9f1a4d7a1e7205dd0b3ea2fc2e6131
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 18:31:10 2008 +0200
winbindd: fill_in_password_policy (to avoid redundant code).
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/winbindd/winbindd_pam.c | 126 ++++++++++++++++------------------------
1 files changed, 51 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c
index 01cdc4d..4beef85 100644
--- a/source/winbindd/winbindd_pam.c
+++ b/source/winbindd/winbindd_pam.c
@@ -176,7 +176,7 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
}
fill_domain_username(state->response.data.auth.unix_username,
- nt_domain, nt_username, True);
+ nt_domain, nt_username, true);
DEBUG(5,("Setting unix username to [%s]\n",
state->response.data.auth.unix_username));
@@ -393,6 +393,21 @@ static void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
resp->data.auth.pam_error = nt_status_to_pam(result);
}
+static void fill_in_password_policy(struct winbindd_response *r,
+ const struct samr_DomInfo1 *p)
+{
+ r->data.auth.policy.min_length_password =
+ p->min_password_length;
+ r->data.auth.policy.password_history =
+ p->password_history_length;
+ r->data.auth.policy.password_properties =
+ p->password_properties;
+ r->data.auth.policy.expire =
+ nt_time_to_unix_abs((NTTIME *)&(p->max_password_age));
+ r->data.auth.policy.min_passwordage =
+ nt_time_to_unix_abs((NTTIME *)&(p->min_password_age));
+}
+
static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
@@ -413,16 +428,7 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
return status;
}
- state->response.data.auth.policy.min_length_password =
- password_policy.min_password_length;
- state->response.data.auth.policy.password_history =
- password_policy.password_history_length;
- state->response.data.auth.policy.password_properties =
- password_policy.password_properties;
- state->response.data.auth.policy.expire =
- nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
- state->response.data.auth.policy.min_passwordage =
- nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
+ fill_in_password_policy(&state->response, &password_policy);
return NT_STATUS_OK;
}
@@ -484,7 +490,7 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
const char *gen_cc = NULL;
- *internal_ccache = True;
+ *internal_ccache = true;
if (uid == -1) {
goto memory_ccache;
@@ -503,7 +509,7 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
goto memory_ccache;
}
- *internal_ccache = False;
+ *internal_ccache = false;
goto done;
memory_ccache:
@@ -577,7 +583,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
uid_t uid = -1;
ADS_STRUCT *ads;
time_t time_offset = 0;
- bool internal_ccache = True;
+ bool internal_ccache = true;
ZERO_STRUCTP(info3);
@@ -644,8 +650,8 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
&ticket_lifetime,
&renewal_until,
cc,
- True,
- True,
+ true,
+ true,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
info3);
if (!internal_ccache) {
@@ -677,7 +683,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
time(NULL),
ticket_lifetime,
renewal_until,
- False);
+ false);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
@@ -737,12 +743,12 @@ static bool check_request_flags(uint32_t flags)
( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
( (flags & flags_edata) == WBFLAG_PAM_INFO3_TEXT)||
!(flags & flags_edata) ) {
- return True;
+ return true;
}
DEBUG(1,("check_request_flags: invalid request flags[0x%08X]\n",flags));
- return False;
+ return false;
}
/****************************************************************
@@ -878,7 +884,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
const uint8 *cached_salt;
struct netr_SamInfo3 *my_info3;
time_t kickoff_time, must_change_time;
- bool password_good = False;
+ bool password_good = false;
#ifdef HAVE_KRB5
struct winbindd_tdc_domain *tdc_domain = NULL;
#endif
@@ -936,11 +942,11 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
E_md5hash(cached_salt, new_nt_pass, salted_hash);
password_good = (memcmp(cached_nt_pass, salted_hash, NT_HASH_LEN) == 0) ?
- True : False;
+ true : false;
} else {
/* Old cached cred - direct store of nt_hash (bad bad bad !). */
password_good = (memcmp(cached_nt_pass, new_nt_pass, NT_HASH_LEN) == 0) ?
- True : False;
+ true : false;
}
if (password_good) {
@@ -999,7 +1005,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
char *realm = NULL;
const char *principal_s = NULL;
const char *service = NULL;
- bool internal_ccache = False;
+ bool internal_ccache = false;
uid = get_uid_from_state(state);
if (uid == -1) {
@@ -1041,7 +1047,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
time(NULL),
time(NULL) + lp_winbind_cache_time(),
time(NULL) + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
- True);
+ true);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("winbindd_dual_pam_auth_cached: failed "
@@ -1300,7 +1306,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
netlogon_fn_t logon_fn;
ZERO_STRUCTP(my_info3);
- retry = False;
+ retry = false;
result = cm_connect_netlogon(contact_domain, &netlogon_pipe);
@@ -1351,8 +1357,8 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
&& contact_domain->can_do_samlogon_ex) {
DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
"retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = False;
- retry = True;
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
continue;
}
@@ -1361,7 +1367,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
our connection. */
if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)) {
- retry = True;
+ retry = true;
continue;
}
@@ -1377,7 +1383,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
"Killing connections to domain %s\n",
name_domain));
invalidate_cm_connection(&contact_domain->conn);
- retry = True;
+ retry = true;
}
} while ( (attempts < 2) && retry );
@@ -1475,7 +1481,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
parse_domain_user(state->request.data.auth.user, name_domain, name_user);
- if (domain->online == False) {
+ if (domain->online == false) {
result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
if (domain->startup) {
/* Logons are very important to users. If we're offline and
@@ -1693,13 +1699,7 @@ done:
result = NT_STATUS_NO_LOGON_SERVERS;
}
- state->response.data.auth.nt_status = NT_STATUS_V(result);
- fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
-
- /* we might have given a more useful error above */
- if (!*state->response.data.auth.error_string)
- fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
- state->response.data.auth.pam_error = nt_status_to_pam(result);
+ set_auth_errors(&state->response, result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n",
state->request.data.auth.user,
@@ -1867,7 +1867,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
do {
netlogon_fn_t logon_fn;
- retry = False;
+ retry = false;
netlogon_pipe = NULL;
result = cm_connect_netlogon(contact_domain, &netlogon_pipe);
@@ -1899,8 +1899,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
&& contact_domain->can_do_samlogon_ex) {
DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
"retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = False;
- retry = True;
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
continue;
}
@@ -1911,7 +1911,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
our connection. */
if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)) {
- retry = True;
+ retry = true;
continue;
}
@@ -1926,7 +1926,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
"Killing connections to domain %s\n",
name_domain));
invalidate_cm_connection(&contact_domain->conn);
- retry = True;
+ retry = true;
}
} while ( (attempts < 2) && retry );
@@ -1965,14 +1965,7 @@ done:
result = nt_status_squash(result);
}
- state->response.data.auth.nt_status = NT_STATUS_V(result);
- fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
-
- /* we might have given a more useful error above */
- if (!*state->response.data.auth.error_string) {
- fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
- }
- state->response.data.auth.pam_error = nt_status_to_pam(result);
+ set_auth_errors(&state->response, result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n",
@@ -2028,7 +2021,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
char *newpass = NULL;
POLICY_HND dom_pol;
struct rpc_pipe_client *cli;
- bool got_info = False;
+ bool got_info = false;
struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -2068,21 +2061,13 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
/* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */
if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) {
- state->response.data.auth.policy.min_length_password =
- info->min_password_length;
- state->response.data.auth.policy.password_history =
- info->password_history_length;
- state->response.data.auth.policy.password_properties =
- info->password_properties;
- state->response.data.auth.policy.expire =
- nt_time_to_unix_abs((NTTIME *)&info->max_password_age);
- state->response.data.auth.policy.min_passwordage =
- nt_time_to_unix_abs((NTTIME *)&info->min_password_age);
+
+ fill_in_password_policy(&state->response, info);
state->response.data.auth.reject_reason =
reject->reason;
- got_info = True;
+ got_info = true;
}
/* only fallback when the chgpasswd_user3 call is not supported */
@@ -2166,10 +2151,7 @@ done:
process_result:
- state->response.data.auth.nt_status = NT_STATUS_V(result);
- fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
- fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
- state->response.data.auth.pam_error = nt_status_to_pam(result);
+ set_auth_errors(&state->response, result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n",
@@ -2302,10 +2284,7 @@ process_result:
winbindd_delete_memory_creds(state->request.data.logoff.user);
- state->response.data.auth.nt_status = NT_STATUS_V(result);
- fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
- fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
- state->response.data.auth.pam_error = nt_status_to_pam(result);
+ set_auth_errors(&state->response, result);
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
@@ -2451,11 +2430,8 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
new_lm_password, old_lm_hash_enc);
done:
- state->response.data.auth.nt_status = NT_STATUS_V(result);
- fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
- fstrcpy(state->response.data.auth.error_string,
- get_friendly_nt_error_msg(result));
- state->response.data.auth.pam_error = nt_status_to_pam(result);
+
+ set_auth_errors(&state->response, result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n",
--
Samba Shared Repository
More information about the samba-cvs
mailing list