diff options
Diffstat (limited to 'source3/nsswitch/pam_winbind.c')
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index ea50b1ac74..78b0e8c28b 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -344,7 +344,8 @@ static int winbind_auth_request(pam_handle_t * pamh, const char *member, const char *cctype, int process_result, - time_t *pwd_last_set) + time_t *pwd_last_set, + char **user_ret) { struct winbindd_request request; struct winbindd_response response; @@ -388,6 +389,11 @@ static int winbind_auth_request(pam_handle_t * pamh, request.flags |= WBFLAG_PAM_CACHED_LOGIN; } + if (user_ret) { + *user_ret = NULL; + request.flags |= WBFLAG_PAM_UNIX_NAME; + } + if (cctype != NULL) { strncpy(request.data.auth.krb5_cc_type, cctype, sizeof(request.data.auth.krb5_cc_type) - 1); @@ -526,6 +532,12 @@ static int winbind_auth_request(pam_handle_t * pamh, } } + /* If winbindd returned a username, return the pointer to it here. */ + if (user_ret && response.extra_data.data) { + /* We have to trust it's a null terminated string. */ + *user_ret = response.extra_data.data; + } + return ret; } @@ -906,6 +918,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, const char *cctype = NULL; int retval = PAM_AUTH_ERR; dictionary *d; + char *username_ret = NULL; /* parse arguments */ int ctrl = _pam_parse(argc, argv, &d); @@ -948,7 +961,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d); /* Now use the username to look up password */ - retval = winbind_auth_request(pamh, ctrl, username, password, member, cctype, True, NULL); + retval = winbind_auth_request(pamh, ctrl, username, password, member, + cctype, True, NULL, &username_ret); if (retval == PAM_NEW_AUTHTOK_REQD || retval == PAM_AUTHTOK_EXPIRED) { @@ -967,6 +981,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, } out: + if (username_ret) { + pam_set_item (pamh, PAM_USER, username_ret); + free(username_ret); + } + if (d) { iniparser_freedict(d); } @@ -1259,7 +1278,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, } /* verify that this is the password for this user */ - retval = winbind_auth_request(pamh, ctrl, user, pass_old, NULL, NULL, False, &pwdlastset_prelim); + retval = winbind_auth_request(pamh, ctrl, user, pass_old, + NULL, NULL, False, &pwdlastset_prelim, NULL); if (retval != PAM_ACCT_EXPIRED && retval != PAM_AUTHTOK_EXPIRED && @@ -1354,7 +1374,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, const char *member = get_member_from_config(argc, argv, ctrl, d); const char *cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d); - retval = winbind_auth_request(pamh, ctrl, user, pass_new, member, cctype, False, NULL); + retval = winbind_auth_request(pamh, ctrl, user, pass_new, + member, cctype, False, NULL, NULL); _pam_overwrite(pass_new); _pam_overwrite(pass_old); pass_old = pass_new = NULL; |