[SCM] Samba Shared Repository - branch master updated - d9efd52fd09af752b3b7fae2a88a522e05e7f672

Günther Deschner gd at samba.org
Fri Oct 10 13:43:03 GMT 2008


The branch, master has been updated
       via  d9efd52fd09af752b3b7fae2a88a522e05e7f672 (commit)
       via  e8fe6661b4bbf338f46c52cb12c7bdb04037f297 (commit)
       via  9448520828bbd78f34d027fd1801467395449b7c (commit)
       via  9a0860f93f8260040ac458b06d7a8609b7b5beab (commit)
       via  4ff415dd15ac13019171b07b0c49784293d41f53 (commit)
      from  dde8046489cde714a42694d2979bfa44dac71cd6 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d9efd52fd09af752b3b7fae2a88a522e05e7f672
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 29 16:12:04 2008 +0200

    pam_winbind: remove unused pam_winbind_request().
    
    Guenther

commit e8fe6661b4bbf338f46c52cb12c7bdb04037f297
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 14:52:24 2008 +0200

    pam_winbind: fix wbc_auth_error_to_pam_error().
    
    Guenther

commit 9448520828bbd78f34d027fd1801467395449b7c
Author: Günther Deschner <gd at samba.org>
Date:   Mon Aug 25 14:35:42 2008 +0200

    pam_winbind: remove some unused macros.
    
    Guenther

commit 9a0860f93f8260040ac458b06d7a8609b7b5beab
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 14:51:31 2008 +0200

    pam_winbind: remove NETLOGON_CACHED_ACCOUNT and NETLOGON_GRACE_LOGON.
    
    Guenther

commit 4ff415dd15ac13019171b07b0c49784293d41f53
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 19 14:48:23 2008 +0200

    pam_winbind: remove ACB_PWNOEXP.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/nsswitch/pam_winbind.c |   83 ++++++++--------------------------------
 source3/nsswitch/pam_winbind.h |   58 +---------------------------
 2 files changed, 18 insertions(+), 123 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index f343967..a9d6aa6 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -684,56 +684,10 @@ static int _make_remark_format(struct pwb_context *ctx, int type, const char *fo
 	return ret;
 }
 
-static int pam_winbind_request(struct pwb_context *ctx,
-			       enum winbindd_cmd req_type,
-			       struct winbindd_request *request,
-			       struct winbindd_response *response)
-{
-	/* Fill in request and send down pipe */
-	winbindd_init_request(request, req_type);
-
-	if (winbind_write_sock(request, sizeof(*request), 0, 0) == -1) {
-		_pam_log(ctx, LOG_ERR,
-			 "pam_winbind_request: write to socket failed!");
-		winbind_close_sock();
-		return PAM_SERVICE_ERR;
-	}
-
-	/* Wait for reply */
-	if (winbindd_read_reply(response) == -1) {
-		_pam_log(ctx, LOG_ERR,
-			 "pam_winbind_request: read from socket failed!");
-		winbind_close_sock();
-		return PAM_SERVICE_ERR;
-	}
-
-	/* We are done with the socket - close it and avoid mischeif */
-	winbind_close_sock();
-
-	/* Copy reply data from socket */
-	if (response->result == WINBINDD_OK) {
-		return PAM_SUCCESS;
-	}
-
-	if (response->data.auth.pam_error != PAM_SUCCESS) {
-		_pam_log(ctx, LOG_ERR,
-			 "request failed: %s, "
-			 "PAM error was %s (%d), NT error was %s",
-			 response->data.auth.error_string,
-			 pam_strerror(ctx->pamh, response->data.auth.pam_error),
-			 response->data.auth.pam_error,
-			 response->data.auth.nt_status_string);
-		return response->data.auth.pam_error;
-	}
-
-	_pam_log(ctx, LOG_ERR, "request failed, but PAM error 0!");
-
-	return PAM_SERVICE_ERR;
-}
-
 static int pam_winbind_request_log(struct pwb_context *ctx,
 				   int retval,
-				   const char *user)
+				   const char *user,
+				   const char *fn)
 {
 	switch (retval) {
 	case PAM_AUTH_ERR:
@@ -766,24 +720,19 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
 		return retval;
 	case PAM_SUCCESS:
 		/* Otherwise, the authentication looked good */
-#if 0
-		switch (req_type) {
-			case WINBINDD_PAM_AUTH:
-				_pam_log(ctx, LOG_NOTICE,
-					 "user '%s' granted access", user);
-				break;
-			default:
-				_pam_log(ctx, LOG_NOTICE,
-					 "user '%s' OK", user);
-				break;
+		if (strcmp(fn, "wbcLogonUser") == 0) {
+			_pam_log(ctx, LOG_NOTICE,
+				 "user '%s' granted access", user);
+		} else {
+			_pam_log(ctx, LOG_NOTICE,
+				 "user '%s' OK", user);
 		}
-#endif
 		return retval;
 	default:
 		/* we don't know anything about this return value */
 		_pam_log(ctx, LOG_ERR,
-			 "internal module error (retval = %d, user = '%s')",
-			 retval, user);
+			 "internal module error (retval = %s(%d), user = '%s')",
+			_pam_error_code_str(retval), retval, user);
 		return retval;
 	}
 }
@@ -800,7 +749,7 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
 		_pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded",
 			fn);
 		ret = PAM_SUCCESS;
-		return pam_winbind_request_log(ctx, ret, username);
+		return pam_winbind_request_log(ctx, ret, username, fn);
 	}
 
 	if (e) {
@@ -816,17 +765,17 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
 				 e->nt_string,
 				 e->display_string);
 			ret = e->pam_error;
-			return pam_winbind_request_log(ctx, ret, username);
+			return pam_winbind_request_log(ctx, ret, username, fn);
 		}
 
 		_pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn);
 
 		ret = PAM_SERVICE_ERR;
-		return pam_winbind_request_log(ctx, ret, username);
+		return pam_winbind_request_log(ctx, ret, username, fn);
 	}
 
 	ret = wbc_error_to_pam_error(status);
-	return pam_winbind_request_log(ctx, ret, username);
+	return pam_winbind_request_log(ctx, ret, username, fn);
 }
 
 
@@ -918,8 +867,8 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx,
 		*already_expired = false;
 	}
 
-	/* accounts with ACB_PWNOEXP set never receive a warning */
-	if (info->acct_flags & ACB_PWNOEXP) {
+	/* accounts with WBC_ACB_PWNOEXP set never receive a warning */
+	if (info->acct_flags & WBC_ACB_PWNOEXP) {
 		return;
 	}
 
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
index f05f2d7..e7c869c 100644
--- a/source3/nsswitch/pam_winbind.h
+++ b/source3/nsswitch/pam_winbind.h
@@ -135,65 +135,11 @@ do {                             \
 	};\
 };
 
-#define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
-{\
-	const char *error_string = NULL; \
-	error_string = _get_ntstatus_error_string(x);\
-	if (error_string != NULL) {\
-		_make_remark(h, f, PAM_ERROR_MSG, error_string);\
-		return ret;\
-	};\
-	_make_remark(h, f, PAM_ERROR_MSG, x);\
-	return ret;\
-};
-
-#define PAM_WB_REMARK_CHECK_RESPONSE(c,x,y)\
-{\
-	const char *ntstatus = x.data.auth.nt_status_string; \
-	const char *error_string = NULL; \
-	if (!strcasecmp(ntstatus,y)) {\
-		error_string = _get_ntstatus_error_string(y);\
-		if (error_string != NULL) {\
-			_make_remark(c, PAM_ERROR_MSG, error_string);\
-		};\
-		if (x.data.auth.error_string[0] != '\0') {\
-			_make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
-		};\
-		_make_remark(c, PAM_ERROR_MSG, y);\
-	};\
-};
-
-#define PAM_WB_REMARK_CHECK_RESPONSE_RET(c,x,y)\
-{\
-	const char *ntstatus = x.data.auth.nt_status_string; \
-	const char *error_string = NULL; \
-	if (!strcasecmp(ntstatus,y)) {\
-		error_string = _get_ntstatus_error_string(y);\
-		if (error_string != NULL) {\
-			_make_remark(c, PAM_ERROR_MSG, error_string);\
-			return ret;\
-		};\
-		if (x.data.auth.error_string[0] != '\0') {\
-			_make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
-			return ret;\
-		};\
-		_make_remark(c, PAM_ERROR_MSG, y);\
-		return ret;\
-	};\
-};
-
-#define ACB_PWNOEXP			0x00000200
-
-/* from netlogon.idl */
-#define NETLOGON_CACHED_ACCOUNT		0x00000004
-#define NETLOGON_GRACE_LOGON		0x01000000
-
-/* from include/rpc_netlogon.h */
 #define LOGON_KRB5_FAIL_CLOCK_SKEW	0x02000000
 
-#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
+#define PAM_WB_CACHED_LOGON(x) (x & WBC_AUTH_USER_INFO_CACHED_ACCOUNT)
 #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
-#define PAM_WB_GRACE_LOGON(x)  ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
+#define PAM_WB_GRACE_LOGON(x)  ((WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON) == ( x & (WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON)))
 
 struct pwb_context {
 	pam_handle_t *pamh;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list