[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4491-gf84fe8b

Günther Deschner gd at samba.org
Fri Nov 21 13:46:02 GMT 2008


The branch, v3-3-test has been updated
       via  f84fe8b0025850b31560f149ebaa27cf5a504694 (commit)
       via  e451daf4c2e1a6de6c109e88243b535d7e15cb35 (commit)
       via  b656b672a3216829f3488734b058dd9f86409e5b (commit)
       via  458a65b409f25f913a8122b320b38d1669137f06 (commit)
       via  69109cd0b896ce7dfbe04b713367c8f1c933dc98 (commit)
       via  6a2d15f1de9fb7b93a31129139dea667303393db (commit)
       via  e878e876b5ebc46536d83995c5bccd11c8f23b82 (commit)
       via  4e8e29174146e324ae0fb5af6799b256d49e05ab (commit)
       via  47a32ce25b29e189ce424f860bb4f624e6f39147 (commit)
       via  69fd76d15bb8acdb1cc452ab68e1c4e65adbedcb (commit)
       via  26ca8d5504f1ef56355eb5ece88b1ac728869737 (commit)
       via  18f1585539bb306101f3471103a2936c2dfd0aa3 (commit)
       via  a820f7c960c12f924c60fb9978543106e286e27f (commit)
       via  252715060fca9fd75b899a6df3ff65b67aad4ec8 (commit)
       via  9c11f1a9d174d800696640671894e7071292444f (commit)
       via  d1821ad64960308bae9ad34ab53f565be4f5c967 (commit)
       via  1bf5777bf2f45c44e2e53617a01ebbffc05c330e (commit)
       via  6e0f91ad93e75f0f00f157c1e8eaab5b4f0f54f3 (commit)
       via  b779820cabf0e2885526a72cae62e775588a6bab (commit)
       via  3b93b9d65b0cb057887e8d286fc6c3bb06e1e7d1 (commit)
       via  76be70a7190327f1bcd2ea240591a139830d580f (commit)
      from  72a2b9615025c249c7cf1376ebeeb6a29537504f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit f84fe8b0025850b31560f149ebaa27cf5a504694
Author: Günther Deschner <gd at samba.org>
Date:   Wed Nov 12 14:27:51 2008 +0100

    pam_winbind: fix some invalid blob handling.
    
    Guenther

commit e451daf4c2e1a6de6c109e88243b535d7e15cb35
Author: Andreas Schneider <anschneider at suse.de>
Date:   Fri Nov 21 11:39:01 2008 +0100

    Create a function out of pam_sm_close_session to delete the credentials.
    
    This is the way the creds should be deleted. Now we have back a
    close_session function which can be used for other things.

commit b656b672a3216829f3488734b058dd9f86409e5b
Author: Andreas Schneider <anschneider at suse.de>
Date:   Mon Oct 20 14:54:11 2008 +0200

    Delete the krb5 ccname variable from the PAM environment if set.
    
    If winbind sets the KRB5CCNAME variable it should unset it when
    the cache gets destroyed.

commit 458a65b409f25f913a8122b320b38d1669137f06
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:34:52 2008 +0100

    Set the right return value if wbc_status is set to an error.
    
    Guenther

commit 69109cd0b896ce7dfbe04b713367c8f1c933dc98
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 14:41:50 2008 +0200

    pam_winbind: document mkhomedir option.
    
    Guenther

commit 6a2d15f1de9fb7b93a31129139dea667303393db
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:33:52 2008 +0100

    pam_winbind: re-add mkhomedir option.
    
    Guenther

commit e878e876b5ebc46536d83995c5bccd11c8f23b82
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 29 16:12:04 2008 +0200

    pam_winbind: remove unused pam_winbind_request().
    
    Guenther

commit 4e8e29174146e324ae0fb5af6799b256d49e05ab
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 14:52:24 2008 +0200

    pam_winbind: fix wbc_auth_error_to_pam_error().
    
    Guenther

commit 47a32ce25b29e189ce424f860bb4f624e6f39147
Author: Günther Deschner <gd at samba.org>
Date:   Mon Aug 25 14:35:42 2008 +0200

    pam_winbind: remove some unused macros.
    
    Guenther

commit 69fd76d15bb8acdb1cc452ab68e1c4e65adbedcb
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 14:48:23 2008 +0200

    pam_winbind: use wbclient equivalents for ACB_PWNOEXP and some NETLOGON flags.
    
    Guenther

commit 26ca8d5504f1ef56355eb5ece88b1ac728869737
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 11:07:59 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_PAM_AUTH.
    
    Guenther

commit 18f1585539bb306101f3471103a2936c2dfd0aa3
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:31:01 2008 +0100

    pam_winbind: use libwbclient for WINBINDD_PAM_LOGOFF.
    
    Guenther

commit a820f7c960c12f924c60fb9978543106e286e27f
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:22:07 2008 +0100

    pam_winbind: use libwbclient for WINBINDD_PAM_CHAUTHTOK.
    
    Guenther

commit 252715060fca9fd75b899a6df3ff65b67aad4ec8
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 23:33:12 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_LOOKUPNAME/LOOKUPSID.
    
    Guenther

commit 9c11f1a9d174d800696640671894e7071292444f
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 18:17:00 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_INFO.
    
    Guenther

commit d1821ad64960308bae9ad34ab53f565be4f5c967
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 18:15:29 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_GETPWNAM.
    
    Guenther

commit 1bf5777bf2f45c44e2e53617a01ebbffc05c330e
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 13:36:39 2008 +0200

    pam_winbind: add _pam_check_remark_auth_err().
    
    Guenther

commit 6e0f91ad93e75f0f00f157c1e8eaab5b4f0f54f3
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 10:59:18 2008 +0200

    pam_winbind: add wbc_auth_error_to_pam_error().
    
    Guenther

commit b779820cabf0e2885526a72cae62e775588a6bab
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 15 03:13:18 2008 +0200

    pam_winbind: add wbc_error_to_pam_error().
    
    Guenther

commit 3b93b9d65b0cb057887e8d286fc6c3bb06e1e7d1
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:16:11 2008 +0100

    pam_winbind: prepare to use libwbclient inside pam_winbind.
    
    Guenther

commit 76be70a7190327f1bcd2ea240591a139830d580f
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 21 11:13:42 2008 +0100

    pam_winbind: convert to use talloc.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/pam_winbind.7.xml |    8 +
 examples/pam_winbind/pam_winbind.conf |    3 +
 source/Makefile.in                    |    4 +-
 source/nsswitch/pam_winbind.c         | 1271 +++++++++++++++++++++------------
 source/nsswitch/pam_winbind.h         |   74 +--
 5 files changed, 835 insertions(+), 525 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/pam_winbind.7.xml b/docs-xml/manpages-3/pam_winbind.7.xml
index cf7fd5a..7f233c1 100644
--- a/docs-xml/manpages-3/pam_winbind.7.xml
+++ b/docs-xml/manpages-3/pam_winbind.7.xml
@@ -134,6 +134,14 @@
 		</para></listitem>
 		</varlistentry>
 
+		<varlistentry>
+		<term>mkhomedir</term>
+		<listitem><para>
+		Create homedirectory for a user on-the-fly, option is valid in
+		PAM session block.
+		</para></listitem>
+		</varlistentry>
+
 		</variablelist>
 
 
diff --git a/examples/pam_winbind/pam_winbind.conf b/examples/pam_winbind/pam_winbind.conf
index a9e02a8..dd0b112 100644
--- a/examples/pam_winbind/pam_winbind.conf
+++ b/examples/pam_winbind/pam_winbind.conf
@@ -33,3 +33,6 @@
 
 # omit pam conversations
 ;silent = no
+
+# create homedirectory on the fly
+;mkhomedir = no
diff --git a/source/Makefile.in b/source/Makefile.in
index c77aea4..6d8cc81 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -2197,10 +2197,10 @@ bin/winbind_krb5_locator. at SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OB
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) \
 		@SONAMEFLAG@`basename $@`
 
-bin/pam_winbind. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ)
+bin/pam_winbind. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo "Linking shared library $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ \
-		$(PAM_WINBIND_EXTRA_LIBS) @SONAMEFLAG@`basename $@`
+		$(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) @SONAMEFLAG@`basename $@`
 
 bin/builtin. at SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ)
 	@echo "Building plugin $@"
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index e94f9af..542ea27 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -12,6 +12,42 @@
 
 #include "pam_winbind.h"
 
+static int wbc_error_to_pam_error(wbcErr status)
+{
+	switch (status) {
+		case WBC_ERR_SUCCESS:
+			return PAM_SUCCESS;
+		case WBC_ERR_NOT_IMPLEMENTED:
+			return PAM_SERVICE_ERR;
+		case WBC_ERR_UNKNOWN_FAILURE:
+			break;
+		case WBC_ERR_NO_MEMORY:
+			return PAM_BUF_ERR;
+		case WBC_ERR_INVALID_SID:
+		case WBC_ERR_INVALID_PARAM:
+			break;
+		case WBC_ERR_WINBIND_NOT_AVAILABLE:
+			return PAM_AUTHINFO_UNAVAIL;
+		case WBC_ERR_DOMAIN_NOT_FOUND:
+			return PAM_AUTHINFO_UNAVAIL;
+		case WBC_ERR_INVALID_RESPONSE:
+			return PAM_BUF_ERR;
+		case WBC_ERR_NSS_ERROR:
+			return PAM_USER_UNKNOWN;
+		case WBC_ERR_AUTH_ERROR:
+			return PAM_AUTH_ERR;
+		case WBC_ERR_UNKNOWN_USER:
+			return PAM_USER_UNKNOWN;
+		case WBC_ERR_UNKNOWN_GROUP:
+			return PAM_USER_UNKNOWN;
+		case WBC_ERR_PWD_CHANGE_FAILED:
+			break;
+	}
+
+	/* be paranoid */
+	return PAM_AUTH_ERR;
+}
+
 static const char *_pam_error_code_str(int err)
 {
 	switch (err) {
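Review bot: `WBC_ERR_PWD_CHANGE_FAILED` breaks out to the final `return PAM_AUTH_ERR;`, so a rejected password change reaches the PAM stack as an authentication failure. If this helper is reached from the chauthtok path (not visible in this hunk), `case WBC_ERR_PWD_CHANGE_FAILED: return PAM_AUTHTOK_ERR;` would be the conventional mapping. The fail-closed fallback for unmapped codes is the right choice and deserves a comment above the function, e.g. `/* Map a wbcErr to a PAM code; anything unmapped becomes PAM_AUTH_ERR so an unknown failure can never be read as success. */`.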
@@ -416,6 +452,10 @@ static int _pam_parse(const pam_handle_t *pamh,
 		ctrl |= WINBIND_WARN_PWD_EXPIRE;
 	}
 
+	if (iniparser_getboolean(d, "global:mkhomedir", false)) {
+		ctrl |= WINBIND_MKHOMEDIR;
+	}
+
 config_from_pam:
 	/* step through arguments */
 	for (i=argc,v=argv; i-- > 0; ++v) {
@@ -448,6 +488,8 @@ config_from_pam:
 			ctrl |= WINBIND_KRB5_CCACHE_TYPE;
 		else if (!strcasecmp(*v, "cached_login"))
 			ctrl |= WINBIND_CACHED_LOGIN;
+		else if (!strcasecmp(*v, "mkhomedir"))
+			ctrl |= WINBIND_MKHOMEDIR;
 		else {
 			__pam_log(pamh, ctrl, LOG_ERR,
 				 "pam_parse: unknown option: %s", *v);
@@ -467,13 +509,17 @@ config_from_pam:
 	return ctrl;
 };
 
-static void _pam_winbind_free_context(struct pwb_context *ctx)
+static int _pam_winbind_free_context(struct pwb_context *ctx)
 {
+	if (!ctx) {
+		return 0;
+	}
+
 	if (ctx->dict) {
 		iniparser_freedict(ctx->dict);
 	}
 
-	SAFE_FREE(ctx);
+	return 0;
 }
 
 static int _pam_winbind_init_context(pam_handle_t *pamh,
@@ -488,12 +534,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
 	textdomain_init();
 #endif
 
-	r = (struct pwb_context *)malloc(sizeof(struct pwb_context));
+	r = TALLOC_ZERO_P(NULL, struct pwb_context);
 	if (!r) {
 		return PAM_BUF_ERR;
 	}
 
-	ZERO_STRUCTP(r);
+	talloc_set_destructor(r, _pam_winbind_free_context);
 
 	r->pamh = pamh;
 	r->flags = flags;
@@ -501,7 +547,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
 	r->argv = argv;
 	r->ctrl = _pam_parse(pamh, flags, argc, argv, &r->dict);
 	if (r->ctrl == -1) {
-		_pam_winbind_free_context(r);
+		TALLOC_FREE(r);
 		return PAM_SYSTEM_ERR;
 	}
 
@@ -521,7 +567,7 @@ static void _pam_winbind_cleanup_func(pam_handle_t *pamh,
 			       "(error_status = %d)", pamh, data,
 			       error_status);
 	}
-	SAFE_FREE(data);
+	TALLOC_FREE(data);
 }
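Review bot: `TALLOC_FREE(data)` is only safe if every pointer registered with this cleanup function through `pam_set_data()` is now a talloc allocation. Handing talloc a pointer that came from `malloc()` or `strdup()` is heap corruption inside the process hosting the PAM stack. The registering call sites are outside this hunk (and partly outside the truncated changeset), so please confirm they were all converted in the same series. A comment on the function, e.g. `/* data must be a talloc pointer; it is released with talloc_free() */`, would record that contract.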
 
 
@@ -663,80 +709,11 @@ static int _make_remark_format(struct pwb_context *ctx, int type, const char *fo
 	return ret;
 }
 
-static int pam_winbind_request(struct pwb_context *ctx,
-			       enum winbindd_cmd req_type,
-			       struct winbindd_request *request,
-			       struct winbindd_response *response)
-{
-	/* Fill in request and send down pipe */
-	winbindd_init_request(request, req_type);
-
-	if (winbind_write_sock(request, sizeof(*request), 0, 0) == -1) {
-		_pam_log(ctx, LOG_ERR,
-			 "pam_winbind_request: write to socket failed!");
-		winbind_close_sock();
-		return PAM_SERVICE_ERR;
-	}
-
-	/* Wait for reply */
-	if (winbindd_read_reply(response) == -1) {
-		_pam_log(ctx, LOG_ERR,
-			 "pam_winbind_request: read from socket failed!");
-		winbind_close_sock();
-		return PAM_SERVICE_ERR;
-	}
-
-	/* We are done with the socket - close it and avoid mischeif */
-	winbind_close_sock();
-
-	/* Copy reply data from socket */
-	if (response->result == WINBINDD_OK) {
-		return PAM_SUCCESS;
-	}
-
-	/* no need to check for pam_error codes for getpwnam() */
-	switch (req_type) {
-
-		case WINBINDD_GETPWNAM:
-		case WINBINDD_LOOKUPNAME:
-			if (strlen(response->data.auth.nt_status_string) > 0) {
-				_pam_log(ctx, LOG_ERR,
-					 "request failed, NT error was %s",
-					 response->data.auth.nt_status_string);
-			} else {
-				_pam_log(ctx, LOG_ERR, "request failed");
-			}
-			return PAM_USER_UNKNOWN;
-		default:
-			break;
-	}
-
-	if (response->data.auth.pam_error != PAM_SUCCESS) {
-		_pam_log(ctx, LOG_ERR,
-			 "request failed: %s, "
-			 "PAM error was %s (%d), NT error was %s",
-			 response->data.auth.error_string,
-			 pam_strerror(ctx->pamh, response->data.auth.pam_error),
-			 response->data.auth.pam_error,
-			 response->data.auth.nt_status_string);
-		return response->data.auth.pam_error;
-	}
-
-	_pam_log(ctx, LOG_ERR, "request failed, but PAM error 0!");
-
-	return PAM_SERVICE_ERR;
-}
-
 static int pam_winbind_request_log(struct pwb_context *ctx,
-				   enum winbindd_cmd req_type,
-				   struct winbindd_request *request,
-				   struct winbindd_response *response,
-				   const char *user)
+				   int retval,
+				   const char *user,
+				   const char *fn)
 {
-	int retval;
-
-	retval = pam_winbind_request(ctx, req_type, request, response);
-
 	switch (retval) {
 	case PAM_AUTH_ERR:
 		/* incorrect password */
@@ -768,33 +745,65 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
 		return retval;
 	case PAM_SUCCESS:
 		/* Otherwise, the authentication looked good */
-		switch (req_type) {
-			case WINBINDD_INFO:
-				break;
-			case WINBINDD_PAM_AUTH:
-				_pam_log(ctx, LOG_NOTICE,
-					 "user '%s' granted access", user);
-				break;
-			case WINBINDD_PAM_CHAUTHTOK:
-				_pam_log(ctx, LOG_NOTICE,
-					 "user '%s' password changed", user);
-				break;
-			default:
-				_pam_log(ctx, LOG_NOTICE,
-					 "user '%s' OK", user);
-				break;
+		if (strcmp(fn, "wbcLogonUser") == 0) {
+			_pam_log(ctx, LOG_NOTICE,
+				 "user '%s' granted access", user);
+		} else {
+			_pam_log(ctx, LOG_NOTICE,
+				 "user '%s' OK", user);
 		}
-
 		return retval;
 	default:
 		/* we don't know anything about this return value */
 		_pam_log(ctx, LOG_ERR,
-			 "internal module error (retval = %d, user = '%s')",
-			 retval, user);
+			 "internal module error (retval = %s(%d), user = '%s')",
+			_pam_error_code_str(retval), retval, user);
 		return retval;
 	}
 }
 
+static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
+				       struct wbcAuthErrorInfo *e,
+				       wbcErr status,
+				       const char *username,
+				       const char *fn)
+{
+	int ret = PAM_AUTH_ERR;
+
+	if (WBC_ERROR_IS_OK(status)) {
+		_pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded",
+			fn);
+		ret = PAM_SUCCESS;
+		return pam_winbind_request_log(ctx, ret, username, fn);
+	}
+
+	if (e) {
+		if (e->pam_error != PAM_SUCCESS) {
+			_pam_log(ctx, LOG_ERR,
+				 "request %s failed: %s, "
+				 "PAM error: %s (%d), NTSTATUS: %s, "
+				 "Error message was: %s",
+				 fn,
+				 wbcErrorString(status),
+				 _pam_error_code_str(e->pam_error),
+				 e->pam_error,
+				 e->nt_string,
+				 e->display_string);
+			ret = e->pam_error;
+			return pam_winbind_request_log(ctx, ret, username, fn);
+		}
+
+		_pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn);
+
+		ret = PAM_SERVICE_ERR;
+		return pam_winbind_request_log(ctx, ret, username, fn);
+	}
+
+	ret = wbc_error_to_pam_error(status);
+	return pam_winbind_request_log(ctx, ret, username, fn);
+}
+
+
 /**
  * send a password expiry message if required
  *
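Review bot: The `PAM_SUCCESS` branch of `pam_winbind_request_log()` no longer emits the distinct "user '%s' password changed" notice that the removed `WINBINDD_PAM_CHAUTHTOK` case produced. A successful password change is now logged as "user '%s' OK" and cannot be told apart from other requests in the audit trail. Consider restoring it with an `else if (strcmp(fn, ...) == 0)` branch for the password-change call; the `fn` string that caller passes is not visible in this truncated changeset. Separately, in `wbc_auth_error_to_pam_error()` the fields `e->nt_string` and `e->display_string` go straight to `%s`; unless libwbclient guarantees they are non-NULL, guard them (e.g. `e->nt_string ? e->nt_string : ""`). `fn` itself is passed to `strcmp()` without a NULL check.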
@@ -867,29 +876,34 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
  */
 
 static void _pam_warn_password_expiry(struct pwb_context *ctx,
-				      const struct winbindd_response *response,
+				      const struct wbcAuthUserInfo *info,
+				      const struct wbcUserPasswordPolicyInfo *policy,
 				      int warn_pwd_expire,
 				      bool *already_expired)
 {
 	time_t now = time(NULL);
 	time_t next_change = 0;
 
+	if (!info || !policy) {
+		return;
+	}
+
 	if (already_expired) {
 		*already_expired = false;
 	}
 
-	/* accounts with ACB_PWNOEXP set never receive a warning */
-	if (response->data.auth.info3.acct_flags & ACB_PWNOEXP) {
+	/* accounts with WBC_ACB_PWNOEXP set never receive a warning */
+	if (info->acct_flags & WBC_ACB_PWNOEXP) {
 		return;
 	}
 
 	/* no point in sending a warning if this is a grace logon */
-	if (PAM_WB_GRACE_LOGON(response->data.auth.info3.user_flgs)) {
+	if (PAM_WB_GRACE_LOGON(info->user_flags)) {
 		return;
 	}
 
 	/* check if the info3 must change timestamp has been set */
-	next_change = response->data.auth.info3.pass_must_change_time;
+	next_change = info->pass_must_change_time;
 
 	if (_pam_send_password_expiry_message(ctx, next_change, now,
 					      warn_pwd_expire,
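Review bot: The new `if (!info || !policy) return;` guard runs before `*already_expired = false;`, so when either pointer is NULL the caller's flag is never written. A caller that declares `bool already_expired;` without an initialiser and tests it afterwards would then take its password-expired decision on an indeterminate value. Move the guard below the `if (already_expired) { *already_expired = false; }` block so the out-parameter is always defined on return. The function body continues past this hunk.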
@@ -900,12 +914,11 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx,
 	/* now check for the global password policy */
 	/* good catch from Ralf Haferkamp: an expiry of "never" is translated
 	 * to -1 */
-	if (response->data.auth.policy.expire <= 0) {
+	if (policy->expire <= 0) {
 		return;
 	}
 
-	next_change = response->data.auth.info3.pass_last_set_time +
-		      response->data.auth.policy.expire;
+	next_change = info->pass_last_set_time + policy->expire;
 
 	if (_pam_send_password_expiry_message(ctx, next_change, now,
 					      warn_pwd_expire,
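Review bot: `if (policy->expire <= 0)` keeps the old "never is translated to -1" test, but it only works while `expire` is a signed field. The declaration of `struct wbcUserPasswordPolicyInfo` is not in this changeset; if `expire` is unsigned there, -1 becomes a huge positive value, the early return is skipped, and `info->pass_last_set_time + policy->expire` wraps, producing a bogus expiry warning or an "already expired" result. Please check the field type and, if it is unsigned, test explicitly: `if (policy->expire == 0 || policy->expire == (uint64_t)-1) return;`.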
@@ -963,33 +976,33 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
 				       int sid_list_buffer_size)
 {
 	const char* sid_string;
-	struct winbindd_response sid_response;
 
 	/* lookup name? */
 	if (IS_SID_STRING(name)) {
 		sid_string = name;
 	} else {
-		struct winbindd_request sid_request;
-
-		ZERO_STRUCT(sid_request);
-		ZERO_STRUCT(sid_response);
+		wbcErr wbc_status;
+		struct wbcDomainSid sid;
+		enum wbcSidType type;
+		char *sid_str;
 
 		_pam_log_debug(ctx, LOG_DEBUG,
 			       "no sid given, looking up: %s\n", name);
 
-		/* fortunatly winbindd can handle non-separated names */
-		strncpy(sid_request.data.name.name, name,
-			sizeof(sid_request.data.name.name) - 1);
-
-		if (pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
-					    &sid_request, &sid_response,
-					    user)) {
+		wbc_status = wbcLookupName("", name, &sid, &type);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
 			_pam_log(ctx, LOG_INFO,
 				 "could not lookup name: %s\n", name);
 			return false;
 		}
 
-		sid_string = sid_response.data.sid.sid;
+		wbc_status = wbcSidToString(&sid, &sid_str);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			return false;
+		}
+
+		wbcFreeMemory(sid_str);
+		sid_string = sid_str;
 	}
 
 	if (!safe_append_string(sid_list_buffer, sid_string,
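Review bot: `wbcFreeMemory(sid_str);` is called immediately before `sid_string = sid_str;`, so `safe_append_string()` below reads the SID string after it has been released. That is a use-after-free on the path that builds the required-membership SID list. Declare `char *sid_str = NULL;` at function scope, drop the early free, and call `wbcFreeMemory(sid_str);` only after the append, on both the success and failure returns. The rest of the function lies outside this hunk, so the exact placement needs checking against the full body.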
@@ -1074,15 +1087,28 @@ out:
  */
 
 static void _pam_setup_krb5_env(struct pwb_context *ctx,
-				const char *krb5ccname)
+				struct wbcLogonUserInfo *info)
 {
 	char var[PATH_MAX];
 	int ret;
+	uint32_t i;
+	const char *krb5ccname = NULL;
 
 	if (off(ctx->ctrl, WINBIND_KRB5_AUTH)) {
 		return;
 	}
 
+	if (!info) {
+		return;
+	}
+
+	for (i=0; i < info->num_blobs; i++) {
+		if (strcasecmp(info->blobs[i].name, "krb5ccname") == 0) {
+			krb5ccname = (const char *)info->blobs[i].blob.data;
+			break;
+		}
+	}
+
 	if (!krb5ccname || (strlen(krb5ccname) == 0)) {
 		return;
 	}
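Review bot: The blob loop in `_pam_setup_krb5_env()` casts `info->blobs[i].blob.data` to a C string and the existing `strlen(krb5ccname)` then walks it. Nothing checks that the blob is non-empty and NUL-terminated within `blob.length`, or that `blobs[i].name` is non-NULL before `strcasecmp()`. A guard inside the loop, such as `if (!info->blobs[i].name || info->blobs[i].blob.length == 0 || info->blobs[i].blob.data[info->blobs[i].blob.length - 1] != '\0') continue;`, would keep a malformed reply from causing an out-of-bounds read. The same pattern appears in `_pam_setup_unix_username()` in the next hunk, which is truncated. The head commit of this push mentions blob-handling fixes, but they are not visible in the truncated diff.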
@@ -1103,6 +1129,41 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx,
 }
 
 /**
+ * Copy unix username if available (further processed in PAM).
+ *
+ * @param ctx PAM winbind context
+ * @param user_ret A pointer that holds a pointer to a string
+ * @param unix_username A username
+ *
+ * @return void.
+ */
+
+static void _pam_setup_unix_username(struct pwb_context *ctx,
+				     char **user_ret,
+				     struct wbcLogonUserInfo *info)
+{
+	const char *unix_username = NULL;
+	uint32_t i;
+
+	if (!user_ret || !info) {
+		return;
+	}
+
+	for (i=0; i < info->num_blobs; i++) {
+		if (strcasecmp(info->blobs[i].name, "unix_username") == 0) {
+			unix_username = (const char *)info->blobs[i].blob.data;
+			break;
+		}
+	}
+
+	if (!unix_username || !unix_username[0]) {
+		return;


-- 
Samba Shared Repository

