[PATCH] pam_winbind: error msg. for NT_STATUS_ERR_* which don't have mapped PAM errors

Andrew Bartlett abartlet at samba.org
Mon Dec 20 23:05:30 GMT 2004


On Fri, 2004-12-10 at 19:46 +0530, Narayana Pattipati wrote:
> Hi,
> 
> Error messages like NT_STATUS_ACCOUNT_DISABLED,
> NT_STATUS_PASSWORD_RESTRICTION does not have mapped PAM errors. So, when
> an application receives them, the PAM error will be "4", which is
> PAM_SYS_ERROR. 
> 
> So, the end user will not know what went wrong even though pam_winbind
> returns errors like "account disabled", "password restriction" etc. 
> 
> The attached patch writes such error messages (which don't have PAM
> error mapping) onto conversation pipe, so that  application can read
> them make sense out of them. 
> 
> I am new to samba. Please let me know if this is correct approach or
> suggest any  better approach.

Close, but instead of putting the strings there, put them in
libsmb/nterr.c and pull response.data.auth.error_string into the
message.

Is there any reason we can't/should not always print the message?  Or
always for the 'generic error' pam code?

Also, see if there is a good PAM error code to switch on - the current
table is just a start.

-- 
Andrew Bartlett <abartlet at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041221/d14b56ab/attachment.bin


More information about the samba-technical mailing list