diff options
author | Günther Deschner <gd@samba.org> | 2007-02-05 14:34:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:42 -0500 |
commit | 4aa7205c3da08b6efb322980bf7cf2ebe12c67a8 (patch) | |
tree | aca934783669bf686cdfd22559bf7f7c7bec3861 | |
parent | 7b3f62e057ff29bb3359398aa2cfbd12f3d7bcdc (diff) | |
download | samba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.tar.gz samba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.tar.bz2 samba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.zip |
r21143: Fix wrong check for pam error codes for getpwnam and lookup winbind
requests in pam_winbind (Bug #4094).
Inspired by fix from Lars Heete.
Guenther
(This used to be commit 88e2185d2913e835e074dc3cc4ab1c631c3296a5)
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index d7fb838d9a..2b8e9be528 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handle_t * pamh, int ctrl, close_sock(); /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - if (response->data.auth.pam_error != PAM_SUCCESS) { - _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s", - response->data.auth.error_string, - pam_strerror(pamh, response->data.auth.pam_error), - response->data.auth.pam_error, - response->data.auth.nt_status_string); - return response->data.auth.pam_error; - } else { - _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!"); - return PAM_SERVICE_ERR; - } + if (response->result == WINBINDD_OK) { + return PAM_SUCCESS; } - return PAM_SUCCESS; + /* no need to check for pam_error codes for getpwnam() */ + switch (req_type) { + + case WINBINDD_GETPWNAM: + case WINBINDD_LOOKUPNAME: + _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, NT error was %s", + response->data.auth.nt_status_string); + return PAM_USER_UNKNOWN; + default: + break; + } + + if (response->data.auth.pam_error != PAM_SUCCESS) { + _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s", + response->data.auth.error_string, + pam_strerror(pamh, response->data.auth.pam_error), + response->data.auth.pam_error, + response->data.auth.nt_status_string); + return response->data.auth.pam_error; + } + + _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!"); + + return PAM_SERVICE_ERR; } static int pam_winbind_request_log(pam_handle_t * pamh, |