Commit 0702d237 authored by Mathieu Parent's avatar Mathieu Parent

nsswitch: Add try_authtok option to pam_winbind

Same as the use_authtok option, except that if the new password is not
valid, PAM will prompt for a password.

Bug-Debian: https://bugs.debian.org/858923
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944Signed-off-by: Mathieu Parent's avatarMathieu Parent <math.parent@gmail.com>
Reviewed-by: 's avatarAndreas Schneider <asn@samba.org>
Reviewed-by: 's avatarGuenther Deschner <gd@samba.org>
(cherry picked from commit ad5debcb)
parent 7c170cd2
......@@ -122,6 +122,14 @@
</para></listitem>
</varlistentry>
<varlistentry>
<term>try_authtok</term>
<listitem><para>
Same as the use_authtok option (previous item), except that if the new password is not
valid, PAM will prompt for a password.
</para></listitem>
</varlistentry>
<varlistentry>
<term>krb5_auth</term>
<listitem><para>
......
......@@ -492,6 +492,8 @@ config_from_pam:
ctrl |= WINBIND_SILENT;
else if (!strcasecmp(*v, "use_authtok"))
ctrl |= WINBIND_USE_AUTHTOK_ARG;
else if (!strcasecmp(*v, "try_authtok"))
ctrl |= WINBIND_TRY_AUTHTOK_ARG;
else if (!strcasecmp(*v, "use_first_pass"))
ctrl |= WINBIND_USE_FIRST_PASS_ARG;
else if (!strcasecmp(*v, "try_first_pass"))
......@@ -3181,6 +3183,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) {
lctrl |= WINBIND_USE_FIRST_PASS_ARG;
}
if (on(WINBIND_TRY_AUTHTOK_ARG, lctrl)) {
lctrl |= WINBIND_TRY_FIRST_PASS_ARG;
}
retry = 0;
ret = PAM_AUTHTOK_ERR;
while ((ret != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
......
......@@ -156,6 +156,7 @@ do { \
#define WINBIND_DEBUG_STATE 0x00001000
#define WINBIND_WARN_PWD_EXPIRE 0x00002000
#define WINBIND_MKHOMEDIR 0x00004000
#define WINBIND_TRY_AUTHTOK_ARG 0x00008000
#if defined(HAVE_GETTEXT) && !defined(__LCLINT__)
#define _(string) dgettext(MODULE_NAME, string)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment