diff options
Diffstat (limited to 'nsswitch/krb5_plugin')
-rw-r--r-- | nsswitch/krb5_plugin/winbind_krb5_localauth.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c index f87b19abed6..293f5297ca8 100644 --- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c +++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c @@ -98,14 +98,12 @@ static krb5_error_code winbind_userok(krb5_context context, cmp = strcasecmp(princ_str, lname); if (cmp == 0) { - krb5_free_unparsed_name(context, princ_str); - return 0; + goto out; } wbc_status = wbcCtxGetpwnam(data->wbc_ctx, princ_str, &pwd); - krb5_free_unparsed_name(context, princ_str); switch (wbc_status) { case WBC_ERR_SUCCESS: princ_uid = pwd->pw_uid; @@ -123,7 +121,7 @@ static krb5_error_code winbind_userok(krb5_context context, } wbcFreeMemory(pwd); if (code != 0) { - return code; + goto out; } wbc_status = wbcCtxGetpwnam(data->wbc_ctx, @@ -145,13 +143,26 @@ static krb5_error_code winbind_userok(krb5_context context, } wbcFreeMemory(pwd); if (code != 0) { - return code; + goto out; } if (princ_uid != lname_uid) { code = EPERM; } + com_err("winbind_localauth", + code, + "Access %s: %s (uid=%u) %sequal to %s (uid=%u)", + code == 0 ? "granted" : "denied", + princ_str, + (unsigned int)princ_uid, + code == 0 ? "" : "not ", + lname, + (unsigned int)lname_uid); + +out: + krb5_free_unparsed_name(context, princ_str); + return code; } |