Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/pam_winbind.c104
-rw-r--r--source3/nsswitch/pam_winbind.h1
2 files changed, 69 insertions, 36 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index aeab270a86..1cbf732489 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -742,6 +742,68 @@ out:
}
/**
+ * Set string into the PAM stack.
+ *
+ * @param pamh PAM handle
+ * @param ctrl PAM winbind options.
+ * @param data_name Key name for pam_set_data.
+ * @param value String value.
+ *
+ * @return void.
+ */
+
+static void _pam_set_data_string(pam_handle_t *pamh, int ctrl, const char *data_name, const char *value)
+{
+ int ret;
+
+ if ( !data_name || !value || (strlen(data_name) == 0) || (strlen(value) == 0) ) {
+ return;
+ }
+
+ ret = pam_set_data(pamh, data_name, (void *)strdup(value), _pam_winbind_cleanup_func);
+ if (ret) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data %s: %s\n",
+ data_name, pam_strerror(pamh, ret));
+ }
+
+}
+
+/**
+ * Set info3 strings into the PAM stack.
+ *
+ * @param pamh PAM handle
+ * @param ctrl PAM winbind options.
+ * @param data_name Key name for pam_set_data.
+ * @param value String value.
+ *
+ * @return void.
+ */
+
+static void _pam_set_data_info3(pam_handle_t *pamh, int ctrl, struct winbindd_response *response)
+{
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_HOMEDIR, response->data.auth.info3.home_dir);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_LOGONSCRIPT, response->data.auth.info3.logon_script);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_LOGONSERVER, response->data.auth.info3.logon_srv);
+ _pam_set_data_string(pamh, ctrl, PAM_WINBIND_PROFILEPATH, response->data.auth.info3.profile_path);
+}
+
+/**
+ * Free info3 strings in the PAM stack.
+ *
+ * @param pamh PAM handle
+ *
+ * @return void.
+ */
+
+static void _pam_free_data_info3(pam_handle_t *pamh)
+{
+ pam_set_data(pamh, PAM_WINBIND_HOMEDIR, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_LOGONSERVER, NULL, NULL);
+ pam_set_data(pamh, PAM_WINBIND_PROFILEPATH, NULL, NULL);
+}
+
+/**
* Compose Password Restriction String for a PAM_ERROR_MSG conversation.
*
* @param response The struct winbindd_response.
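Review bot: In `_pam_set_data_string` the result of `strdup(value)` goes straight into `pam_set_data`, so an allocation failure stores a NULL value under the key, which consumers of these entries may not expect. If `pam_set_data` itself fails, the copy is never freed; as far as I know the PAM library does not take ownership of the data on failure, so this should be confirmed against the PAM implementation in use. Keeping the copy in a local, returning early when it is NULL, and freeing it in the `if (ret)` branch closes both paths. Separately, the doc comment above `_pam_set_data_info3` still lists `data_name` and `value`, but the function takes `response`; it should read `@param response The struct winbindd_response.`

```c
static void _pam_set_data_string(pam_handle_t *pamh, int ctrl, const char *data_name, const char *value)
{
	int ret;
	char *copy;

	/* … unchanged: guard rejecting NULL or empty data_name / value … */

	copy = strdup(value);
	if (copy == NULL) {
		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not copy data %s\n",
			       data_name);
		return;
	}

	ret = pam_set_data(pamh, data_name, copy, _pam_winbind_cleanup_func);
	if (ret) {
		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data %s: %s\n",
			       data_name, pam_strerror(pamh, ret));
		/* the entry was not stored, so the cleanup callback will never see this copy */
		free(copy);
	}
```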
@@ -969,42 +1031,8 @@ static int winbind_auth_request(pam_handle_t * pamh,
"User %s logged on using cached account\n", user);
}
- /* save the CIFS homedir for pam_cifs / pam_mount */
- if (response.data.auth.info3.home_dir[0] != '\0') {
-
- int ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR,
- (void *) strdup(response.data.auth.info3.home_dir),
- _pam_winbind_cleanup_func);
- if (ret2) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s",
- pam_strerror(pamh, ret2));
- }
-
- }
-
- /* save the logon script path for other PAM modules */
- if (response.data.auth.info3.logon_script[0] != '\0') {
-
- int ret2 = pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT,
- (void *) strdup(response.data.auth.info3.logon_script),
- _pam_winbind_cleanup_func);
- if (ret2) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s",
- pam_strerror(pamh, ret2));
- }
- }
-
- /* save the profile path for other PAM modules */
- if (response.data.auth.info3.profile_path[0] != '\0') {
-
- int ret2 = pam_set_data(pamh, PAM_WINBIND_PROFILEPATH,
- (void *) strdup(response.data.auth.info3.profile_path),
- _pam_winbind_cleanup_func);
- if (ret2) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s",
- pam_strerror(pamh, ret2));
- }
- }
+ /* set some info3 info for other modules in the stack */
+ _pam_set_data_info3(pamh, ctrl, &response);
/* If winbindd returned a username, return the pointer to it here. */
if (user_ret && response.extra_data.data) {
@@ -1465,6 +1493,10 @@ out:
pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, NULL, NULL);
}
+ if (retval != PAM_SUCCESS) {
+ _pam_free_data_info3(pamh);
+ }
+
_PAM_LOG_FUNCTION_LEAVE("pam_sm_authenticate", pamh, ctrl, retval);
return retval;
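Review bot: The new `if (retval != PAM_SUCCESS)` cleanup carries no comment saying why the info3 entries are dropped, and the reason is security-relevant: it keeps the home directory, logon script, logon server and profile path of a failed login from being read by later modules in the stack. I would add `/* do not leave info3 data from a failed authentication for later modules in the stack */` above the check. The entries are set inside `winbind_auth_request`, so if that function is also reached from entry points other than the one logged here as `pam_sm_authenticate` (not visible in this diff), those paths would need the same cleanup. The enclosing function starts outside the hunk.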
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
index d2bf7da9e3..2de7b355fc 100644
--- a/source3/nsswitch/pam_winbind.h
+++ b/source3/nsswitch/pam_winbind.h
@@ -101,6 +101,7 @@ do { \
#define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
#define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
#define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
+#define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER"
#define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
#define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"