mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
pam: map more NT password errors to PAM errors
NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION, NT_STATUS_PWD_HISTORY_CONFLICT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_TOO_SHORT now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
dcd4fed82d
commit
69f10080c3
@ -71,11 +71,15 @@ static const struct {
|
|||||||
{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
|
{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
|
||||||
{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
|
{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
|
||||||
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
|
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
|
||||||
|
{NT_STATUS_ACCOUNT_DISABLED, PAM_ACCT_EXPIRED},
|
||||||
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
|
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
|
||||||
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
|
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
|
||||||
{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
|
{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
|
||||||
{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
|
{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
|
||||||
{NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
|
{NT_STATUS_PASSWORD_RESTRICTION, PAM_AUTHTOK_ERR},
|
||||||
|
{NT_STATUS_PWD_HISTORY_CONFLICT, PAM_AUTHTOK_ERR},
|
||||||
|
{NT_STATUS_PWD_TOO_RECENT, PAM_AUTHTOK_ERR},
|
||||||
|
{NT_STATUS_PWD_TOO_SHORT, PAM_AUTHTOK_ERR},
|
||||||
{NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
|
{NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
|
||||||
{NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
|
{NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
|
||||||
{NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
|
{NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
|
||||||
|
@ -775,6 +775,11 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
|
|||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
return retval;
|
return retval;
|
||||||
|
case PAM_AUTHTOK_ERR:
|
||||||
|
/* Authentication token manipulation error */
|
||||||
|
_pam_log(ctx, LOG_WARNING, "user `%s' authentication token change failed "
|
||||||
|
"(pwd complexity/history/min_age not met?)", user);
|
||||||
|
return retval;
|
||||||
case PAM_SUCCESS:
|
case PAM_SUCCESS:
|
||||||
/* Otherwise, the authentication looked good */
|
/* Otherwise, the authentication looked good */
|
||||||
if (strcmp(fn, "wbcLogonUser") == 0) {
|
if (strcmp(fn, "wbcLogonUser") == 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user