diff options
| author | Günther Deschner <gd@samba.org> | 2006-02-13 15:12:22 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:06 -0500 |
| commit | f0ed0440c4d3b8736eb5e1ceba8b9257eb29cee3 (patch) | |
| tree | 35bff7daa4d9c393e03eeb07bb2c2ac564330ff1 /source3/nsswitch/winbindd_pam.c | |
| parent | 6791180b8175a3f580b911f6b07a990d3559412d (diff) | |
| download | samba-f0ed0440c4d3b8736eb5e1ceba8b9257eb29cee3.tar.gz samba-f0ed0440c4d3b8736eb5e1ceba8b9257eb29cee3.tar.bz2 samba-f0ed0440c4d3b8736eb5e1ceba8b9257eb29cee3.zip | |
r13492: As noone objected on the mailing-list:
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 5f84d138e6..47b8d7bbd5 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -633,8 +633,17 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - parse_domain_user(state->request.data.auth.user, - name_domain, name_user); + if (!parse_domain_user(state->request.data.auth.user, + name_domain, name_user)) { + set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER); + DEBUG(5, ("Plain text authentication for %s returned %s " + "(PAM: %d)\n", + state->request.data.auth.user, + state->response.data.auth.nt_status_string, + state->response.data.auth.pam_error)); + request_error(state); + return; + } domain = find_auth_domain(state, name_domain); |