summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-03-01 03:10:29 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:18:17 -0500
commit2c51e492f9961277c27099e6beaa431db2acc6d1 (patch)
treefdd4e5e1b52f657e2f0bf6b1c5540b3087ede869 /source3/nsswitch
parent85f769dbb425722c2246b8d98a529aac6849ab7d (diff)
downloadsamba-2c51e492f9961277c27099e6beaa431db2acc6d1.tar.gz
samba-2c51e492f9961277c27099e6beaa431db2acc6d1.tar.bz2
samba-2c51e492f9961277c27099e6beaa431db2acc6d1.zip
r21612: Make pam_winbind do the same username fixup on AIX as the WINBINDD
LAM module does to work around a system that does not support >8 character usernames. Without the change, pam_winbind tries to authenticate _#uid in the domain. (This used to be commit 7f0ba72e05acbd958fbf768a04d16c29189dc8f7)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/pam_winbind.c34
1 files changed, 32 insertions, 2 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index ac87fcf32e..d21c985fee 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1517,6 +1517,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
dictionary *d = NULL;
char *username_ret = NULL;
char *new_authtok_required = NULL;
+ char *combined_member = NULL;
+ const char *real_username = NULL;
/* parse arguments */
int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
@@ -1535,6 +1537,30 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
goto out;
}
+#if defined(AIX)
+ /* Decode the user name since AIX does not support logn user
+ names by default. The name is encoded as _#uid. */
+
+ if ( username[0] == '_' ) {
+ uid_t id = atoi( &username[1] );
+ struct passwd *pw = NULL;
+
+ if ( (id!=0) && ((pw = getpwuid( id )) != NULL) ) {
+ real_username = strdup( pw->pw_name );
+ }
+ }
+#endif
+
+ if ( !real_username ) {
+ /* Just making a copy of the username we got from PAM */
+ if ( (real_username = strdup( username )) == NULL ) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "memory allocation failure when copying username");
+ retval = PAM_SERVICE_ERR;
+ goto out;
+ }
+ }
+
retval = _winbind_read_password(pamh, ctrl, NULL,
"Password: ", NULL,
&password);
@@ -1549,9 +1575,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
#ifdef DEBUG_PASSWORD
_pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s' with password '%s'",
- username, password);
+ real_username, password);
#else
- _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", username);
+ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", real_username);
#endif
member = get_member_from_config(pamh, argc, argv, ctrl, d);
@@ -1594,6 +1620,10 @@ out:
free(username_ret);
}
+ if ( real_username ) {
+ free( real_username );
+ }
+
if (d) {
iniparser_freedict(d);
}