[PATCH] pam_winbind: error msg. for NT_STATUS_ERR_* which
don't have mapped PAM errors
Andrew Bartlett
abartlet at samba.org
Mon Dec 20 23:05:30 GMT 2004
On Fri, 2004-12-10 at 19:46 +0530, Narayana Pattipati wrote:
> Hi,
>
> Error messages like NT_STATUS_ACCOUNT_DISABLED,
> NT_STATUS_PASSWORD_RESTRICTION does not have mapped PAM errors. So, when
> an application receives them, the PAM error will be "4", which is
> PAM_SYS_ERROR.
>
> So, the end user will not know what went wrong even though pam_winbind
> returns errors like "account disabled", "password restriction" etc.
>
> The attached patch writes such error messages (which don't have PAM
> error mapping) onto conversation pipe, so that application can read
> them make sense out of them.
>
> I am new to samba. Please let me know if this is correct approach or
> suggest any better approach.
Close, but instead of putting the strings there, put them in
libsmb/nterr.c and pull response.data.auth.error_string into the
message.
Is there any reason we can't/should not always print the message? Or
always for the 'generic error' pam code?
Also, see if there is a good PAM error code to switch on - the current
table is just a start.
--
Andrew Bartlett <abartlet at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041221/d14b56ab/attachment.bin
More information about the samba-technical
mailing list