[SCM] Samba Shared Repository - branch v3-5-test updated

Bo Yang boyang at samba.org
Sun Oct 18 20:07:36 MDT 2009 

The branch, v3-5-test has been updated
       via  5d62b2f... s3: Don't fail authentication when one or some group of require-membership-of is invalid.
      from  3555704... s3:configure: fix avahi activation

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 5d62b2fcce7d846bf5adb4407c05d281afa6a9e9
Author: Bo Yang <boyang at samba.org>
Date:   Thu Oct 15 06:23:48 2009 +0800

    s3: Don't fail authentication when one or some group of require-membership-of is invalid.
    
    Signed-off-by: Bo Yang <boyang at samba.org>
    (cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392)

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/pam_winbind.c |   25 +++++++++++++++++++++++--
 1 files changed, 23 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 0b00c95..0eb24a2 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1057,7 +1057,23 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
 						current_name,
 						sid_list_buffer,
 						sid_list_buffer_size)) {
-			goto out;
+			/*
+			 * If one group name failed, we must not fail
+			 * the authentication totally, continue with
+			 * the following group names. If user belongs to
+			 * one of the valid groups, we must allow it
+			 * login. -- BoYang
+			 */
+
+			_pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+				 "check if group %s is valid group.", current_name,
+				 current_name);
+			_make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+					"to sid, please contact your administrator to see "
+					"if group %s is valid."), current_name, current_name);
+			SAFE_FREE(current_name);
+			search_location = comma + 1;
+			continue;
 		}
 
 		SAFE_FREE(current_name);
@@ -1073,7 +1089,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
 	if (!winbind_name_to_sid_string(ctx, user, search_location,
 					sid_list_buffer,
 					sid_list_buffer_size)) {
-		goto out;
+		_pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+			 "check if group %s is valid group.", search_location,
+			 search_location);
+		_make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+				"to sid, please contact your administrator to see "
+				"if group %s is valid."), search_location, search_location);
 	}
 
 	result = true;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list