diff options
| author | Günther Deschner <gd@samba.org> | 2008-08-19 10:59:18 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2008-11-26 10:13:35 +0100 |
| commit | 7fabe63ca28bcda8613b817943471e0d30744ee9 (patch) | |
| tree | 2a2bb89bbb77145ee2853c3e10b369c27a5dde43 /source/nsswitch | |
| parent | ad0d173331e52791eadef1a72b6af54bcce05c50 (diff) | |
| download | samba-7fabe63ca28bcda8613b817943471e0d30744ee9.tar.gz | |
pam_winbind: add wbc_auth_error_to_pam_error().
Guenther
(cherry picked from commit 6e0f91ad93e75f0f00f157c1e8eaab5b4f0f54f3)
Diffstat (limited to 'source/nsswitch')
| -rw-r--r-- | source/nsswitch/pam_winbind.c | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c index d9a75708778..de369e3cb7e 100644 --- a/source/nsswitch/pam_winbind.c +++ b/source/nsswitch/pam_winbind.c @@ -768,15 +768,9 @@ static int pam_winbind_request(struct pwb_context *ctx, } static int pam_winbind_request_log(struct pwb_context *ctx, - enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response, + int retval, const char *user) { - int retval; - - retval = pam_winbind_request(ctx, req_type, request, response); - switch (retval) { case PAM_AUTH_ERR: /* incorrect password */ @@ -808,6 +802,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx, return retval; case PAM_SUCCESS: /* Otherwise, the authentication looked good */ +#if 0 switch (req_type) { case WINBINDD_INFO: break; @@ -824,7 +819,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx, "user '%s' OK", user); break; } - +#endif return retval; default: /* we don't know anything about this return value */ @@ -835,6 +830,48 @@ static int pam_winbind_request_log(struct pwb_context *ctx, } } +static int wbc_auth_error_to_pam_error(struct pwb_context *ctx, + struct wbcAuthErrorInfo *e, + wbcErr status, + const char *username, + const char *fn) +{ + int ret = PAM_AUTH_ERR; + + if (WBC_ERROR_IS_OK(status)) { + _pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded", + fn); + ret = PAM_SUCCESS; + return pam_winbind_request_log(ctx, ret, username); + } + + if (e) { + if (e->pam_error != PAM_SUCCESS) { + _pam_log(ctx, LOG_ERR, + "request %s failed: %s, " + "PAM error: %s (%d), NTSTATUS: %s, " + "Error message was: %s", + fn, + wbcErrorString(status), + _pam_error_code_str(e->pam_error), + e->pam_error, + e->nt_string, + e->display_string); + ret = e->pam_error; + return pam_winbind_request_log(ctx, ret, username); + } + + _pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn); + + ret = PAM_SERVICE_ERR; + return pam_winbind_request_log(ctx, ret, username); + } + + ret = wbc_error_to_pam_error(status); + return pam_winbind_request_log(ctx, ret, username); +} + + /** * send a password expiry message if required * |