author | Günther Deschner <gd@samba.org> | 2007-02-05 17:28:55 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:44 -0500 |
commit | 1feb961577475dceb97948cd2fdb987005890498 (patch) | |
tree | c12e7c73c75108b70b646bcb2e3ee833319b905c /source | |
parent | 04feb8e39c3f8a3fecd5cac63e64c38cfc313c95 (diff) | |
r21158: Add _pam_setup_krb5_env() and _pam_warn_logon_type() functions for
pam_winbind.
Guenther
Diffstat (limited to 'source')
-rw-r--r-- | source/nsswitch/pam_winbind.c | 101 |
1 files changed, 70 insertions, 31 deletions
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c index ce98b44b568..44b37b62389 100644 --- a/source/nsswitch/pam_winbind.c +++ b/source/nsswitch/pam_winbind.c @@ -743,6 +743,42 @@ out: } /** + * put krb5ccname variable into environment + * + * @param pamh PAM handle + * @param ctrl PAM winbind options. + * @param krb5ccname env variable retrieved from winbindd. + * + * @return void. + */ + +static void _pam_setup_krb5_env(pam_handle_t *pamh, int ctrl, const char *krb5ccname) +{ + char var[PATH_MAX]; + int ret; + + if (off(ctrl, WINBIND_KRB5_AUTH)) { + return; + } + + if (!krb5ccname || (strlen(krb5ccname) == 0)) { + return; + } + + _pam_log_debug(pamh, ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s", krb5ccname); + + if (snprintf(var, sizeof(var), "KRB5CCNAME=%s", krb5ccname) == -1) { + return; + } + + ret = pam_putenv(pamh, var); + if (ret) { + _pam_log(pamh, ctrl, LOG_ERR, "failed to set KRB5CCNAME to %s: %s", + var, pam_strerror(pamh, ret)); + } +} + +/** * Set string into the PAM stack. * * @param pamh PAM handle 
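Review bot: The `snprintf(...) == -1` test in `_pam_setup_krb5_env` does not catch truncation, because snprintf returns the length it would have written when the output does not fit in `var[PATH_MAX]`. A credential-cache name that is too long would then be exported as a silently shortened `KRB5CCNAME`, pointing Kerberos consumers at the wrong path. Capture the result and reject both cases: `ret = snprintf(var, sizeof(var), "KRB5CCNAME=%s", krb5ccname);` followed by `if (ret < 0 || (size_t)ret >= sizeof(var)) { return; }`, ideally with a `_pam_log(..., LOG_ERR, ...)` line so the skipped export is visible. The later `if (ret)` check on `pam_putenv` would also read more clearly as `ret != PAM_SUCCESS`, as the removed code had it.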
@@ -805,6 +841,36 @@ static void _pam_free_data_info3(pam_handle_t *pamh) } /** + * Send PAM_ERROR_MSG for cached or grace logons. + * + * @param pamh PAM handle + * @param ctrl PAM winbind options. + * @param username User in PAM request. + * @param info3_user_flgs Info3 flags containing logon type bits. + * + * @return void. + */ + +static void _pam_warn_logon_type(pam_handle_t *pamh, int ctrl, const char *username, uint32 info3_user_flgs) +{ + /* inform about logon type */ + if (PAM_WB_GRACE_LOGON(info3_user_flgs)) { + + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Grace login. Please change your password as soon you're online again"); + _pam_log_debug(pamh, ctrl, LOG_DEBUG, + "User %s logged on using grace logon\n", username); + + } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { + + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Logging on using cached account. Network resources can be unavailable"); + _pam_log_debug(pamh, ctrl, LOG_DEBUG, + "User %s logged on using cached account\n", username); + } +} + +/** * Compose Password Restriction String for a PAM_ERROR_MSG conversation. * * @param response The struct winbindd_response. @@ -956,23 +1022,6 @@ static int winbind_auth_request(pam_handle_t * pamh, *pwd_last_set = response.data.auth.info3.pass_last_set_time; } - if ((ctrl & WINBIND_KRB5_AUTH) && - response.data.auth.krb5ccname[0] != '\0') { - - char var[PATH_MAX]; - - _pam_log_debug(pamh, ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s", - response.data.auth.krb5ccname); - - snprintf(var, sizeof(var), "KRB5CCNAME=%s", response.data.auth.krb5ccname); - - ret = pam_putenv(pamh, var); - if (ret != PAM_SUCCESS) { - _pam_log(pamh, ctrl, LOG_ERR, "failed to set KRB5CCNAME to %s", var); - return ret; - } - } - if (p_response) { /* We want to process the response in the caller. */ *p_response = response; 
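Review bot: In `_pam_warn_logon_type` the grace and cached logon events are recorded only through `_pam_log_debug` at `LOG_DEBUG`. If that helper is gated on the debug option, as its name suggests, a normally configured host keeps no log record that a user authenticated offline against cached credentials. That state is worth having in the auth log for later review; consider `_pam_log(pamh, ctrl, LOG_NOTICE, "User %s logged on using cached account", username);` and the equivalent line in the grace branch. The trailing `\n` in both format strings is probably unnecessary for a syslog-style logger. The doc comment could also say that the user-facing text is sent as `PAM_ERROR_MSG` although it is a warning rather than a failure.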
@@ -1017,24 +1066,14 @@ static int winbind_auth_request(pam_handle_t * pamh, _pam_warn_password_expires_in_future(pamh, ctrl, &response); /* inform about logon type */ - if (PAM_WB_GRACE_LOGON(response.data.auth.info3.user_flgs)) { - - _make_remark(pamh, ctrl, PAM_ERROR_MSG, - "Grace login. Please change your password as soon you're online again"); - _pam_log_debug(pamh, ctrl, LOG_DEBUG, - "User %s logged on using grace logon\n", user); - - } else if (PAM_WB_CACHED_LOGON(response.data.auth.info3.user_flgs)) { - - _make_remark(pamh, ctrl, PAM_ERROR_MSG, - "Logging on using cached account. Network resources can be unavailable"); - _pam_log_debug(pamh, ctrl, LOG_DEBUG, - "User %s logged on using cached account\n", user); - } + _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs); /* set some info3 info for other modules in the stack */ _pam_set_data_info3(pamh, ctrl, &response); + /* put krb5ccname into env */ + _pam_setup_krb5_env(pamh, ctrl, response.data.auth.krb5ccname); + /* If winbindd returned a username, return the pointer to it here. */ if (user_ret && response.extra_data.data) { /* We have to trust it's a null terminated string. */ |
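Review bot: A `pam_putenv` failure no longer fails `winbind_auth_request`: the removed block did `return ret;`, while the new `_pam_setup_krb5_env(...)` call is void and only logs. If that is intended, say so at the call site, e.g. `/* best effort: a missing KRB5CCNAME does not fail authentication */`; otherwise have the helper return the PAM code and check it here. The call has also moved from before the `if (p_response)` block to after the logon-type warning. The rest of that branch is outside the hunk, so it is worth confirming that callers who pass `p_response` still reach this line and get `KRB5CCNAME` exported.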