[SCM] Samba Shared Repository - branch master updated -
d9efd52fd09af752b3b7fae2a88a522e05e7f672
Günther Deschner
gd at samba.org
Fri Oct 10 13:43:03 GMT 2008
The branch, master has been updated
via d9efd52fd09af752b3b7fae2a88a522e05e7f672 (commit)
via e8fe6661b4bbf338f46c52cb12c7bdb04037f297 (commit)
via 9448520828bbd78f34d027fd1801467395449b7c (commit)
via 9a0860f93f8260040ac458b06d7a8609b7b5beab (commit)
via 4ff415dd15ac13019171b07b0c49784293d41f53 (commit)
from dde8046489cde714a42694d2979bfa44dac71cd6 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d9efd52fd09af752b3b7fae2a88a522e05e7f672
Author: Günther Deschner <gd at samba.org>
Date: Fri Aug 29 16:12:04 2008 +0200
pam_winbind: remove unused pam_winbind_request().
Guenther
commit e8fe6661b4bbf338f46c52cb12c7bdb04037f297
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 14:52:24 2008 +0200
pam_winbind: fix wbc_auth_error_to_pam_error().
Guenther
commit 9448520828bbd78f34d027fd1801467395449b7c
Author: Günther Deschner <gd at samba.org>
Date: Mon Aug 25 14:35:42 2008 +0200
pam_winbind: remove some unused macros.
Guenther
commit 9a0860f93f8260040ac458b06d7a8609b7b5beab
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 14:51:31 2008 +0200
pam_winbind: remove NETLOGON_CACHED_ACCOUNT and NETLOGON_GRACE_LOGON.
Guenther
commit 4ff415dd15ac13019171b07b0c49784293d41f53
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 14:48:23 2008 +0200
pam_winbind: remove ACB_PWNOEXP.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/nsswitch/pam_winbind.c | 83 ++++++++--------------------------------
source3/nsswitch/pam_winbind.h | 58 +---------------------------
2 files changed, 18 insertions(+), 123 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index f343967..a9d6aa6 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -684,56 +684,10 @@ static int _make_remark_format(struct pwb_context *ctx, int type, const char *fo
return ret;
}
-static int pam_winbind_request(struct pwb_context *ctx,
- enum winbindd_cmd req_type,
- struct winbindd_request *request,
- struct winbindd_response *response)
-{
- /* Fill in request and send down pipe */
- winbindd_init_request(request, req_type);
-
- if (winbind_write_sock(request, sizeof(*request), 0, 0) == -1) {
- _pam_log(ctx, LOG_ERR,
- "pam_winbind_request: write to socket failed!");
- winbind_close_sock();
- return PAM_SERVICE_ERR;
- }
-
- /* Wait for reply */
- if (winbindd_read_reply(response) == -1) {
- _pam_log(ctx, LOG_ERR,
- "pam_winbind_request: read from socket failed!");
- winbind_close_sock();
- return PAM_SERVICE_ERR;
- }
-
- /* We are done with the socket - close it and avoid mischeif */
- winbind_close_sock();
-
- /* Copy reply data from socket */
- if (response->result == WINBINDD_OK) {
- return PAM_SUCCESS;
- }
-
- if (response->data.auth.pam_error != PAM_SUCCESS) {
- _pam_log(ctx, LOG_ERR,
- "request failed: %s, "
- "PAM error was %s (%d), NT error was %s",
- response->data.auth.error_string,
- pam_strerror(ctx->pamh, response->data.auth.pam_error),
- response->data.auth.pam_error,
- response->data.auth.nt_status_string);
- return response->data.auth.pam_error;
- }
-
- _pam_log(ctx, LOG_ERR, "request failed, but PAM error 0!");
-
- return PAM_SERVICE_ERR;
-}
-
static int pam_winbind_request_log(struct pwb_context *ctx,
int retval,
- const char *user)
+ const char *user,
+ const char *fn)
{
switch (retval) {
case PAM_AUTH_ERR:
@@ -766,24 +720,19 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
return retval;
case PAM_SUCCESS:
/* Otherwise, the authentication looked good */
-#if 0
- switch (req_type) {
- case WINBINDD_PAM_AUTH:
- _pam_log(ctx, LOG_NOTICE,
- "user '%s' granted access", user);
- break;
- default:
- _pam_log(ctx, LOG_NOTICE,
- "user '%s' OK", user);
- break;
+ if (strcmp(fn, "wbcLogonUser") == 0) {
+ _pam_log(ctx, LOG_NOTICE,
+ "user '%s' granted access", user);
+ } else {
+ _pam_log(ctx, LOG_NOTICE,
+ "user '%s' OK", user);
}
-#endif
return retval;
default:
/* we don't know anything about this return value */
_pam_log(ctx, LOG_ERR,
- "internal module error (retval = %d, user = '%s')",
- retval, user);
+ "internal module error (retval = %s(%d), user = '%s')",
+ _pam_error_code_str(retval), retval, user);
return retval;
}
}
@@ -800,7 +749,7 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
_pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded",
fn);
ret = PAM_SUCCESS;
- return pam_winbind_request_log(ctx, ret, username);
+ return pam_winbind_request_log(ctx, ret, username, fn);
}
if (e) {
@@ -816,17 +765,17 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
e->nt_string,
e->display_string);
ret = e->pam_error;
- return pam_winbind_request_log(ctx, ret, username);
+ return pam_winbind_request_log(ctx, ret, username, fn);
}
_pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn);
ret = PAM_SERVICE_ERR;
- return pam_winbind_request_log(ctx, ret, username);
+ return pam_winbind_request_log(ctx, ret, username, fn);
}
ret = wbc_error_to_pam_error(status);
- return pam_winbind_request_log(ctx, ret, username);
+ return pam_winbind_request_log(ctx, ret, username, fn);
}
@@ -918,8 +867,8 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx,
*already_expired = false;
}
- /* accounts with ACB_PWNOEXP set never receive a warning */
- if (info->acct_flags & ACB_PWNOEXP) {
+ /* accounts with WBC_ACB_PWNOEXP set never receive a warning */
+ if (info->acct_flags & WBC_ACB_PWNOEXP) {
return;
}
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
index f05f2d7..e7c869c 100644
--- a/source3/nsswitch/pam_winbind.h
+++ b/source3/nsswitch/pam_winbind.h
@@ -135,65 +135,11 @@ do { \
};\
};
-#define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
-{\
- const char *error_string = NULL; \
- error_string = _get_ntstatus_error_string(x);\
- if (error_string != NULL) {\
- _make_remark(h, f, PAM_ERROR_MSG, error_string);\
- return ret;\
- };\
- _make_remark(h, f, PAM_ERROR_MSG, x);\
- return ret;\
-};
-
-#define PAM_WB_REMARK_CHECK_RESPONSE(c,x,y)\
-{\
- const char *ntstatus = x.data.auth.nt_status_string; \
- const char *error_string = NULL; \
- if (!strcasecmp(ntstatus,y)) {\
- error_string = _get_ntstatus_error_string(y);\
- if (error_string != NULL) {\
- _make_remark(c, PAM_ERROR_MSG, error_string);\
- };\
- if (x.data.auth.error_string[0] != '\0') {\
- _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
- };\
- _make_remark(c, PAM_ERROR_MSG, y);\
- };\
-};
-
-#define PAM_WB_REMARK_CHECK_RESPONSE_RET(c,x,y)\
-{\
- const char *ntstatus = x.data.auth.nt_status_string; \
- const char *error_string = NULL; \
- if (!strcasecmp(ntstatus,y)) {\
- error_string = _get_ntstatus_error_string(y);\
- if (error_string != NULL) {\
- _make_remark(c, PAM_ERROR_MSG, error_string);\
- return ret;\
- };\
- if (x.data.auth.error_string[0] != '\0') {\
- _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
- return ret;\
- };\
- _make_remark(c, PAM_ERROR_MSG, y);\
- return ret;\
- };\
-};
-
-#define ACB_PWNOEXP 0x00000200
-
-/* from netlogon.idl */
-#define NETLOGON_CACHED_ACCOUNT 0x00000004
-#define NETLOGON_GRACE_LOGON 0x01000000
-
-/* from include/rpc_netlogon.h */
#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000
-#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
+#define PAM_WB_CACHED_LOGON(x) (x & WBC_AUTH_USER_INFO_CACHED_ACCOUNT)
#define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
-#define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
+#define PAM_WB_GRACE_LOGON(x) ((WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON) == ( x & (WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON)))
struct pwb_context {
pam_handle_t *pamh;
--
Samba Shared Repository
More information about the samba-cvs
mailing list