sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

r18158: Stop winbindd from accumulating memory creds infinitely when doing

Browse Source 
pam offline logons.

Guenther
(This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
This commit is contained in:
Günther Deschner 2006-09-06 10:59:39 +00:00 committed by Gerald (Jerry) Carter
parent bf7fcdffa3
commit 030cf71d61
2 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source3/nsswitch/pam_winbind.c
View File

@ -1152,15 +1152,15 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
ccname = pam_getenv(pamh, "KRB5CCNAME");
if (ccname == NULL) {
_pam_log_debug(ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment");
retval = PAM_SUCCESS;
goto out;
}
strncpy(request.data.logoff.user, user,
sizeof(request.data.logoff.user) - 1);
strncpy(request.data.logoff.krb5ccname, ccname,
sizeof(request.data.logoff.krb5ccname) - 1);
if (ccname) {
strncpy(request.data.logoff.krb5ccname, ccname,
sizeof(request.data.logoff.krb5ccname) - 1);
}
pwd = getpwnam(user);
if (pwd == NULL) {

33
source3/nsswitch/winbindd_pam.c
View File

@ -1865,22 +1865,26 @@ void winbindd_pam_logoff(struct winbindd_cli_state *state)
state->request.data.logoff.krb5ccname
[sizeof(state->request.data.logoff.krb5ccname)-1]='\0';
parse_domain_user(state->request.data.logoff.user, name_domain, user);
if (!parse_domain_user(state->request.data.logoff.user, name_domain, user)) {
goto failed;
}
domain = find_auth_domain(state, name_domain);
if (domain == NULL) {
set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
DEBUG(5, ("Pam Logoff for %s returned %s "
"(PAM: %d)\n",
state->request.data.auth.user,
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
request_error(state);
return;
if ((domain = find_auth_domain(state, name_domain)) == NULL) {
goto failed;
}
sendto_domain(state, domain);
return;
failed:
set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
DEBUG(5, ("Pam Logoff for %s returned %s "
"(PAM: %d)\n",
state->request.data.auth.user,
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
request_error(state);
return;
}
enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
@ -1899,6 +1903,11 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
goto process_result;
}
if (state->request.data.logoff.krb5ccname[0] == '\0') {
result = NT_STATUS_OK;
goto process_result;
}
#ifdef HAVE_KRB5
if (state->request.data.logoff.uid < 0) {