summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_pam.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-06-24 16:26:23 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-06-24 16:26:23 +1000
commit6da26870e0ae5acd6ff49a30ec2f6886b44d095e (patch)
tree850c71039563c16a5d563c47e7ba2ab645baf198 /source3/winbindd/winbindd_pam.c
parent6925a799d04c6fa59dd2ddef1f5510f9bb7d17d1 (diff)
parent2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 (diff)
downloadsamba-6da26870e0ae5acd6ff49a30ec2f6886b44d095e.tar.gz
samba-6da26870e0ae5acd6ff49a30ec2f6886b44d095e.tar.bz2
samba-6da26870e0ae5acd6ff49a30ec2f6886b44d095e.zip
Merge 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 as Samba-4.0alpha16
Diffstat (limited to 'source3/winbindd/winbindd_pam.c')
-rw-r--r--source3/winbindd/winbindd_pam.c32
1 files changed, 17 insertions, 15 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 76e06d3735..910e42971a 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -37,7 +37,6 @@
#include "../librpc/gen_ndr/krb5pac.h"
#include "passdb/machine_sid.h"
#include "auth.h"
-#include "ntdomain.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -386,9 +385,9 @@ static void fill_in_password_policy(struct winbindd_response *r,
r->data.auth.policy.password_properties =
p->password_properties;
r->data.auth.policy.expire =
- nt_time_to_unix_abs((NTTIME *)&(p->max_password_age));
+ nt_time_to_unix_abs((const NTTIME *)&(p->max_password_age));
r->data.auth.policy.min_passwordage =
- nt_time_to_unix_abs((NTTIME *)&(p->min_password_age));
+ nt_time_to_unix_abs((const NTTIME *)&(p->min_password_age));
}
static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
@@ -994,7 +993,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
}
- /* User does *NOT* know the correct password, modify info3 accordingly */
+ /* User does *NOT* know the correct password, modify info3 accordingly, but only if online */
+ if (domain->online == false) {
+ goto failed;
+ }
/* failure of this is not critical */
result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts);
@@ -1116,7 +1118,7 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
NTSTATUS status;
status = make_user_info(&user_info, user, user, domain, domain,
- global_myname(), lm_resp, nt_resp, NULL, NULL,
+ lp_netbios_name(), lm_resp, nt_resp, NULL, NULL,
NULL, AUTH_PASSWORD_RESPONSE);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("make_user_info failed: %s\n", nt_errstr(status)));
@@ -1248,7 +1250,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
info3);
}
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
+ if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)
&& domain->can_do_samlogon_ex) {
DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
"retrying with NetSamLogon\n"));
@@ -1346,7 +1348,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
'workstation' passed to the actual SamLogon call.
*/
names_blob = NTLMv2_generate_names_blob(
- mem_ctx, global_myname(), lp_workgroup());
+ mem_ctx, lp_netbios_name(), lp_workgroup());
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain,
pass,
@@ -1384,7 +1386,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
domain->dcname,
name_user,
name_domain,
- global_myname(),
+ lp_netbios_name(),
chal,
lm_resp,
nt_resp,
@@ -1515,8 +1517,8 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
fstr_sprintf( domain_user, "%s%c%s", name_domain,
*lp_winbind_separator(),
name_user );
- safe_strcpy( state->request->data.auth.user, domain_user,
- sizeof(state->request->data.auth.user)-1 );
+ strlcpy( state->request->data.auth.user, domain_user,
+ sizeof(state->request->data.auth.user));
}
if (!domain->online) {
@@ -1938,10 +1940,10 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
* short to comply with the samr_ChangePasswordUser3 idl - gd */
/* only fallback when the chgpasswd_user3 call is not supported */
- if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) ||
- (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) ||
- (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) ||
- (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) {
+ if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n",
nt_errstr(result)));
@@ -2136,7 +2138,7 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
}
if (!*domain && lp_winbind_use_default_domain()) {
- fstrcpy(domain,(char *)lp_workgroup());
+ fstrcpy(domain,lp_workgroup());
}
if(!*user) {