Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 104 | ||||
-rw-r--r-- | source3/nsswitch/pam_winbind.h | 1 |
2 files changed, 69 insertions, 36 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index aeab270a86..1cbf732489 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -742,6 +742,68 @@ out:
 }
 
 /**
+ * Set string into the PAM stack.
+ *
+ * @param pamh PAM handle
+ * @param ctrl PAM winbind options.
+ * @param data_name Key name for pam_set_data.
+ * @param value String value.
+ *
+ * @return void.
+ */
+
+static void _pam_set_data_string(pam_handle_t *pamh, int ctrl, const char *data_name, const char *value)
+{
+ int ret;
+
+ if ( !data_name || !value || (strlen(data_name) == 0) || (strlen(value) == 0) ) {
+ return;
+ }
+
+ ret = pam_set_data(pamh, data_name, (void *)strdup(value), _pam_winbind_cleanup_func);
+ if (ret) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data %s: %s\n",
+ data_name, pam_strerror(pamh, ret));
+ }
+
+}
+
+/**
+ * Set info3 strings into the PAM stack.
+ *
+ * @param pamh PAM handle
+ * @param ctrl PAM winbind options.
+ * @param data_name Key name for pam_set_data.
+ * @param value String value.
+ *
+ * @return void.
+ */
+
+static void _pam_set_data_info3(pam_handle_t *pamh, int ctrl, struct winbindd_response *response)
+{
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_HOMEDIR, response->data.auth.info3.home_dir);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_LOGONSCRIPT, response->data.auth.info3.logon_script);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_LOGONSERVER, response->data.auth.info3.logon_srv);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_PROFILEPATH, response->data.auth.info3.profile_path);
+}
+
+/**
+ * Free info3 strings in the PAM stack.
+ *
+ * @param pamh PAM handle
+ *
+ * @return void.
+ */
+
+static void _pam_free_data_info3(pam_handle_t *pamh)
+{
+ pam_set_data(pamh, PAM_WINBIND_HOMEDIR, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_LOGONSERVER, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_PROFILEPATH, NULL, NULL);
+}
+
+/**
  * Compose Password Restriction String for a PAM_ERROR_MSG conversation.
  *
  * @param response The struct winbindd_response.
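Review bot: In `_pam_set_data_string` the result of `strdup(value)` is passed straight to `pam_set_data()` without a NULL check, so an allocation failure would store a NULL item under the key and later modules reading it would have to cope with that. When `pam_set_data()` itself returns an error, the duplicated string is presumably never released, because the cleanup callback only runs for items that were actually stored. I would duplicate into a local, bail out on NULL, and free the copy on the error path, as sketched below (this assumes `_pam_winbind_cleanup_func`, which is not visible here, releases the item with `free()`). Separately, the doc comment on `_pam_set_data_info3` was copied from the helper above it and still lists `data_name` and `value`; it should read `@param response The struct winbindd_response.` instead.

```c
static void _pam_set_data_string(pam_handle_t *pamh, int ctrl, const char *data_name, const char *value)
{
	int ret;
	char *copy;

	/* … unchanged: guard against NULL or empty data_name / value … */

	copy = strdup(value);
	if (copy == NULL) {
		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not copy data %s\n", data_name);
		return;
	}

	ret = pam_set_data(pamh, data_name, copy, _pam_winbind_cleanup_func);
	if (ret) {
		/* … unchanged: debug log with pam_strerror() … */
		free(copy); /* item was not stored, so no cleanup callback will release it */
	}
}
```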
@@ -969,42 +1031,8 @@ static int winbind_auth_request(pam_handle_t * pamh, "User %s logged on using cached account\n", user); } - /* save the CIFS homedir for pam_cifs / pam_mount */ - if (response.data.auth.info3.home_dir[0] != '\0') { - - int ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR, - (void *) strdup(response.data.auth.info3.home_dir), - _pam_winbind_cleanup_func); - if (ret2) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", - pam_strerror(pamh, ret2)); - } - - } - - /* save the logon script path for other PAM modules */ - if (response.data.auth.info3.logon_script[0] != '\0') { - - int ret2 = pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT, - (void *) strdup(response.data.auth.info3.logon_script), - _pam_winbind_cleanup_func); - if (ret2) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", - pam_strerror(pamh, ret2)); - } - } - - /* save the profile path for other PAM modules */ - if (response.data.auth.info3.profile_path[0] != '\0') { - - int ret2 = pam_set_data(pamh, PAM_WINBIND_PROFILEPATH, - (void *) strdup(response.data.auth.info3.profile_path), - _pam_winbind_cleanup_func); - if (ret2) { - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", - pam_strerror(pamh, ret2)); - } - } + /* set some info3 info for other modules in the stack */ + _pam_set_data_info3(pamh, ctrl, &response); /* If winbindd returned a username, return the pointer to it here. */ if (user_ret && response.extra_data.data) { @@ -1465,6 +1493,10 @@ out: pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, NULL, NULL); } + if (retval != PAM_SUCCESS) { + _pam_free_data_info3(pamh); + } + _PAM_LOG_FUNCTION_LEAVE("pam_sm_authenticate", pamh, ctrl, retval); return retval; diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index d2bf7da9e3..2de7b355fc 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h 
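Review bot: The clearing of the info3 items is added only at the `out:` label of `pam_sm_authenticate`, while the items are now set inside `winbind_auth_request`; if that helper is also reached from other entry points (not visible in this diff), a failure there would leave the home directory, logon script, logon server and profile path readable by later modules in the stack. It is worth either clearing in each caller or documenting the contract with a comment above the new block, for example `/* never leave info3 data from a failed login for other modules */`. Note also that `_pam_free_data_info3` ignores every `pam_set_data()` return value and, depending on the PAM implementation, may leave the key present with a NULL item, so consumers of these keys should check the returned pointer as well as the return code. Both `winbind_auth_request` and `pam_sm_authenticate` start and end outside the hunks shown.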
@@ -101,6 +101,7 @@ do { \ #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD" #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR" #define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT" +#define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER" #define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH" #define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET" |