diff options
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 1a38b979b9..6a13b38b3a 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -677,7 +677,7 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - if (!parse_domain_user(state->request.data.auth.user, + if (!canonicalize_username(state->request.data.auth.user, name_domain, name_user)) { set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER); DEBUG(5, ("Plain text authentication for %s returned %s " @@ -1806,7 +1806,16 @@ void winbindd_pam_chauthtok(struct winbindd_cli_state *state) /* Setup crap */ - parse_domain_user(state->request.data.chauthtok.user, domain, user); + if (!canonicalize_username(state->request.data.chauthtok.user, domain, user)) { + set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER); + DEBUG(5, ("winbindd_pam_chauthtok: canonicalize_username %s failed with %s" + "(PAM: %d)\n", + state->request.data.auth.user, + state->response.data.auth.nt_status_string, + state->response.data.auth.pam_error)); + request_error(state); + return; + } contact_domain = find_domain_from_name(domain); if (!contact_domain) { @@ -1941,7 +1950,7 @@ void winbindd_pam_logoff(struct winbindd_cli_state *state) state->request.data.logoff.krb5ccname [sizeof(state->request.data.logoff.krb5ccname)-1]='\0'; - if (!parse_domain_user(state->request.data.logoff.user, name_domain, user)) { + if (!canonicalize_username(state->request.data.logoff.user, name_domain, user)) { goto failed; } |