s3: Don't fail authentication when one or some group of require-membership-of is...
authorBo Yang <boyang@samba.org>
Wed, 14 Oct 2009 22:23:48 +0000 (06:23 +0800)
committerKarolin Seeger <kseeger@samba.org>
Thu, 22 Oct 2009 14:29:28 +0000 (16:29 +0200)
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392)

Fix bug #6826.

nsswitch/pam_winbind.c

index 132d637d4bfad4ea1779ddc7f18caa392a5c9a86..ab22c7cbb57c3ad0dc042b2e581fdc376871ed0a 100644 (file)
@@ -1053,7 +1053,23 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
                                                current_name,
                                                sid_list_buffer,
                                                sid_list_buffer_size)) {
-                       goto out;
+                       /*
+                        * If one group name failed, we must not fail
+                        * the authentication totally, continue with
+                        * the following group names. If user belongs to
+                        * one of the valid groups, we must allow it
+                        * login. -- BoYang
+                        */
+
+                       _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+                                "check if group %s is valid group.", current_name,
+                                current_name);
+                       _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+                                       "to sid, please contact your administrator to see "
+                                       "if group %s is valid."), current_name, current_name);
+                       SAFE_FREE(current_name);
+                       search_location = comma + 1;
+                       continue;
                }
 
                SAFE_FREE(current_name);
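Review bot: The `_make_remark_format(ctx, PAM_TEXT_INFO, ...)` call added in the failure branch prints the configured group name to whoever is at the login prompt, and the same call is added in the hunk at line 1085. Which groups gate access is configuration detail the user does not need, and as far as these hunks show the text is emitted before the outcome of the login is known. Consider dropping the remark, or making it generic, and keeping the detail in the log only. Because a skipped entry changes who may log in, the log entry should be at a level operators will notice, e.g. `_pam_log(ctx, LOG_WARNING, "cannot convert group %s to sid, skipping it", current_name);`. The enclosing loop and function start and end outside the hunk.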
@@ -1069,7 +1085,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
        if (!winbind_name_to_sid_string(ctx, user, search_location,
                                        sid_list_buffer,
                                        sid_list_buffer_size)) {
-               goto out;
+               _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+                        "check if group %s is valid group.", search_location,
+                        search_location);
+               _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+                               "to sid, please contact your administrator to see "
+                               "if group %s is valid."), search_location, search_location);
        }
 
        result = true;
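Review bot: With the `goto out` removed, a failed conversion of the last name now falls through to `result = true`, so a list in which every name failed returns success with whatever is in `sid_list_buffer`, possibly nothing. If the caller treats an empty SID list as "no membership requirement" (not visible here), a mistyped or deleted group would switch the restriction off instead of denying the login. Fail closed inside this branch after the log call, e.g. `if (sid_list_buffer[0] == '\0') goto out;`, assuming the buffer is emptied at the top of the function. If the loop appends a separator after each converted name, which happens outside the hunk, a failed last name also leaves a trailing `,` that should be trimmed before returning. The function begins above the hunk and the `out` label is below it.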