Add new replace check for --version-script
[ira/wip.git] / nsswitch / pam_winbind.c
index d049bdb1e7d538bce21ac1628be6282c0502f337..545c87d0c4b811b168b0e76bafa1dd0da17484b3 100644 (file)
@@ -914,7 +914,7 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx,
        /* now check for the global password policy */
        /* good catch from Ralf Haferkamp: an expiry of "never" is translated
         * to -1 */
-       if (policy->expire <= 0) {
+       if (policy->expire == -1) {
                return;
        }
 
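Review bot: The new test `policy->expire == -1` lets every other non-positive value through, not only 0, so an expiry below -1 now reaches whatever expiry arithmetic follows this guard. If the intent is only to stop treating 0 as "never", `if (policy->expire < 0) {` still returns early on malformed negative values from the policy source while letting 0 through. The comment above the test explains -1 but not why 0 must no longer return early; a sentence such as `/* 0 is a real expiry value and must still be evaluated */` would record that, assuming that is the intended meaning. The rest of _pam_warn_password_expiry lies outside the hunk, so how 0 is handled afterwards cannot be checked here.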
@@ -2318,6 +2318,8 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
        const char *user;
        wbcErr wbc_status = WBC_ERR_SUCCESS;
 
+       ZERO_STRUCT(logoff);
+
        retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
        if (retval) {
                goto out;
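Review bot: The `goto out` taken when `_pam_winbind_init_context()` fails lands in the `out:` block, which reads `ctx->ctrl` (see the last hunk of this file) without checking that a context exists. Moving `ZERO_STRUCT(logoff)` up makes `logoff` safe on that early-exit path, but `ctx` gets no such protection. Its declaration and the helper's behaviour on failure are outside the hunk, so this assumes `ctx` can be NULL or unset at that point. A guard at `out:` such as `if (ctx != NULL && (ctx->ctrl & WINBIND_KRB5_AUTH) && pam_getenv(pamh, "KRB5CCNAME")) {` would close it, as would returning `retval` directly when initialisation fails.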
@@ -2365,8 +2367,6 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
                wbc_flags = WBFLAG_PAM_KRB5 |
                        WBFLAG_PAM_CONTACT_TRUSTDOM;
 
-               ZERO_STRUCT(logoff);
-
                logoff.username         = user;
 
                if (ccname) {
@@ -2406,6 +2406,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
                                                     user, "wbcLogoffUser");
                wbcFreeMemory(error);
                wbcFreeMemory(logoff.blobs);
+               logoff.blobs = NULL;
 
                if (!WBC_ERROR_IS_OK(wbc_status)) {
                        _pam_log(ctx, LOG_INFO,
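Review bot: `wbcFreeMemory(error)` two lines above the added `logoff.blobs = NULL;` still leaves `error` pointing at freed memory, so the two frees are now handled inconsistently. Adding `error = NULL;` right after its free gives both pointers the same protection against a later second free or read. A short comment on the new line, e.g. `/* cleared so later cleanup cannot free it twice */`, would record why it is there. That reason is inferred, because the cleanup code is outside this hunk, and the enclosing block also continues past it.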
@@ -2428,7 +2429,7 @@ out:
         * Delete the krb5 ccname variable from the PAM environment
         * if it was set by winbind.
         */
-       if (ctx->ctrl & WINBIND_KRB5_AUTH) {
+       if ((ctx->ctrl & WINBIND_KRB5_AUTH) && pam_getenv(pamh, "KRB5CCNAME")) {
                pam_putenv(pamh, "KRB5CCNAME");
        }