--- samba-3.0.23c/source/nsswitch/pam_winbind.c.validuser 2006-08-23 18:16:37.000000000 +0200
+++ samba-3.0.23c/source/nsswitch/pam_winbind.c 2006-09-14 13:45:27.000000000 +0200
@@ -130,6 +130,40 @@
 SAFE_FREE(data);
 }
 
+/*
+ * send a winbind request.
+ *
+ * return values:
+ * 1 = request error
+ * 0 = OK
+ * -1 = System error
+ */
+static int _pam_do_winbind_request(enum winbindd_cmd req_type, struct winbindd_request *request, struct winbindd_response *response) {
+ /* Fill in request and send down pipe */
+ init_request(request, req_type);
+
+ if (write_sock(request, sizeof(*request), 0) == -1) {
+ _pam_log(LOG_ERR, "write to socket failed!");
+ close_sock();
+ return -1;
+ }
+
+ /* Wait for reply */
+ if (read_reply(response) == -1) {
+ _pam_log(LOG_ERR, "read from socket failed!");
+ close_sock();
+ return -1;
+ }
+
+ /* We are done with the socket - close it and avoid mischeif */
+ close_sock();
+
+ if (response->result != WINBINDD_OK)
+ return 1;
+
+ return 0;
+}
+
 static const struct ntstatus_errors {
 const char *ntstatus_string;
 const char *error_string;
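Review bot: The return-value comment on `_pam_do_winbind_request` leaves out two things its callers depend on: the socket is closed on every path, and on a return of 1 `*response` has already been filled in by winbindd (pam_winbind_request reads `response->data.auth.pam_error` right after that return). I would extend the `1 =` line to `* 1 = winbindd replied with result != WINBINDD_OK; *response is valid` and add `* The winbindd socket is closed before returning, on every path.` As a style point, the signature sits on one long line with the brace attached, while the other definitions visible in this patch wrap their parameters and put `{` on its own line.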
@@ -225,41 +259,24 @@
 struct winbindd_request *request,
 struct winbindd_response *response)
 {
- /* Fill in request and send down pipe */
- init_request(request, req_type);
-
- if (write_sock(request, sizeof(*request), 0) == -1) {
- _pam_log(LOG_ERR, "write to socket failed!");
- close_sock();
- return PAM_SERVICE_ERR;
- }
-
- /* Wait for reply */
- if (read_reply(response) == -1) {
- _pam_log(LOG_ERR, "read from socket failed!");
- close_sock();
- return PAM_SERVICE_ERR;
- }
+ int ret;
+ if ((ret = _pam_do_winbind_request(req_type, request, response)) == 0)
+ return PAM_SUCCESS;
 
- /* We are done with the socket - close it and avoid mischeif */
- close_sock();
+ if (ret < 0)
+ return PAM_SERVICE_ERR;
 
- /* Copy reply data from socket */
- if (response->result != WINBINDD_OK) {
- if (response->data.auth.pam_error != PAM_SUCCESS) {
- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
- response->data.auth.error_string,
- pam_strerror(pamh, response->data.auth.pam_error),
- response->data.auth.pam_error,
- response->data.auth.nt_status_string);
- return response->data.auth.pam_error;
- } else {
- _pam_log(LOG_ERR, "request failed, but PAM error 0!");
- return PAM_SERVICE_ERR;
- }
- }
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
+ _pam_log(LOG_DEBUG, "request failed: %s, PAM error was %s (%d), NT error was %s",
+ response->data.auth.error_string,
+ pam_strerror(pamh, response->data.auth.pam_error),
+ response->data.auth.pam_error,
+ response->data.auth.nt_status_string);
+ return response->data.auth.pam_error;
+ }
 
- return PAM_SUCCESS;
+ _pam_log(LOG_ERR, "request failed, but PAM error 0!");
+ return PAM_SERVICE_ERR;
 }
 
 static int pam_winbind_request_log(pam_handle_t * pamh,
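Review bot: Logging the rejected-request message at LOG_DEBUG means a winbindd refusal, including a failed authentication with its PAM code and NT status, is recorded only where debug-priority syslog is retained. If pam_winbind_request_log, which begins right after this function and is not visible here, does not report the same failure at a higher priority for every command, failed logins drop out of routine log monitoring. Unless that wrapper is known to cover it, I would keep a priority that default syslog configurations store, e.g. `_pam_log(LOG_NOTICE, "request failed: %s, PAM error was %s (%d), NT error was %s",`. The function's signature starts above the hunk.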
@@ -398,7 +415,7 @@ strncpy(sid_request.data.name.name, member, sizeof(sid_request.data.name.name) - 1); - if (pam_winbind_request_log(pamh, ctrl, WINBINDD_LOOKUPNAME, &sid_request, &sid_response, user)) { + if (_pam_do_winbind_request(WINBINDD_LOOKUPNAME, &sid_request, &sid_response) != 0) { _pam_log(LOG_INFO, "could not lookup name: %s\n", member); return PAM_AUTH_ERR; } @@ -612,6 +629,7 @@ return ret; } + /* * Checks if a user has an account * @@ -626,33 +644,16 @@ * sure it's really a winbind user, this is important when stacking PAM * modules in the 'account' or 'password' facility. */ - struct passwd *pwd = NULL; struct winbindd_request request; struct winbindd_response response; - int ret; ZERO_STRUCT(request); ZERO_STRUCT(response); - pwd = getpwnam(user); - if (pwd == NULL) { - return 1; - } - strncpy(request.data.username, user, sizeof(request.data.username) - 1); - ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_GETPWNAM, &request, &response, user); - - switch (ret) { - case PAM_USER_UNKNOWN: - return 1; - case PAM_SUCCESS: - return 0; - default: - break; - } - return -1; + return _pam_do_winbind_request(WINBINDD_GETPWNAM, &request, &response); } static char *_pam_delete(register char *xx)
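Review bot: In the last hunk (the account-check function whose signature sits above the hunk), returning `_pam_do_winbind_request()` directly makes 1 cover every non-OK winbindd reply, whereas the removed switch returned 1 only for PAM_USER_UNKNOWN and -1 for any other failure. If the callers treat 1 as "not a winbind user" and step aside, which the surrounding comment suggests matters when stacking modules in the 'account' or 'password' facility, a winbindd-side error for a real domain user would skip this module's checks rather than fail the request. Either keep a separate error path for replies that are not a plain unknown-user answer, or state the widened meaning in the function comment, e.g. `* 1 = winbindd did not confirm the user (unknown user or any other non-OK reply)`. The same merge of 1 and -1 in the WINBINDD_LOOKUPNAME hunk looks harmless, since both end in PAM_AUTH_ERR.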