/* now check for the global password policy */
/* good catch from Ralf Haferkamp: an expiry of "never" is translated
* to -1 */
- if (policy->expire <= 0) {
+ if (policy->expire == -1) {
return;
}
const char *user;
wbcErr wbc_status = WBC_ERR_SUCCESS;
+ ZERO_STRUCT(logoff);
+
retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
if (retval) {
goto out;
wbc_flags = WBFLAG_PAM_KRB5 |
WBFLAG_PAM_CONTACT_TRUSTDOM;
- ZERO_STRUCT(logoff);
-
logoff.username = user;
if (ccname) {
user, "wbcLogoffUser");
wbcFreeMemory(error);
wbcFreeMemory(logoff.blobs);
+ logoff.blobs = NULL;
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_INFO,
* Delete the krb5 ccname variable from the PAM environment
* if it was set by winbind.
*/
- if (ctx->ctrl & WINBIND_KRB5_AUTH) {
+ if ((ctx->ctrl & WINBIND_KRB5_AUTH) && pam_getenv(pamh, "KRB5CCNAME")) {
pam_putenv(pamh, "KRB5CCNAME");
}