summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-02-05 14:34:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:42 -0500
commit4aa7205c3da08b6efb322980bf7cf2ebe12c67a8 (patch)
treeaca934783669bf686cdfd22559bf7f7c7bec3861
parent7b3f62e057ff29bb3359398aa2cfbd12f3d7bcdc (diff)
downloadsamba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.tar.gz
samba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.tar.bz2
samba-4aa7205c3da08b6efb322980bf7cf2ebe12c67a8.zip
r21143: Fix wrong check for pam error codes for getpwnam and lookup winbind
requests in pam_winbind (Bug #4094). Inspired by fix from Lars Heete. Guenther (This used to be commit 88e2185d2913e835e074dc3cc4ab1c631c3296a5)
-rw-r--r--source3/nsswitch/pam_winbind.c39
1 files changed, 26 insertions, 13 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index d7fb838d9a..2b8e9be528 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -444,21 +444,34 @@ static int pam_winbind_request(pam_handle_t * pamh, int ctrl,
close_sock();
/* Copy reply data from socket */
- if (response->result != WINBINDD_OK) {
- if (response->data.auth.pam_error != PAM_SUCCESS) {
- _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
- response->data.auth.error_string,
- pam_strerror(pamh, response->data.auth.pam_error),
- response->data.auth.pam_error,
- response->data.auth.nt_status_string);
- return response->data.auth.pam_error;
- } else {
- _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!");
- return PAM_SERVICE_ERR;
- }
+ if (response->result == WINBINDD_OK) {
+ return PAM_SUCCESS;
}
- return PAM_SUCCESS;
+ /* no need to check for pam_error codes for getpwnam() */
+ switch (req_type) {
+
+ case WINBINDD_GETPWNAM:
+ case WINBINDD_LOOKUPNAME:
+ _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, NT error was %s",
+ response->data.auth.nt_status_string);
+ return PAM_USER_UNKNOWN;
+ default:
+ break;
+ }
+
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
+ _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
+ response->data.auth.error_string,
+ pam_strerror(pamh, response->data.auth.pam_error),
+ response->data.auth.pam_error,
+ response->data.auth.nt_status_string);
+ return response->data.auth.pam_error;
+ }
+
+ _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!");
+
+ return PAM_SERVICE_ERR;
}
static int pam_winbind_request_log(pam_handle_t * pamh,