winbindd: kill some trailing/leading whitespace.

[kai/samba.git] / source3 / winbindd / winbindd_pam.c
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c

index 0f9f1e1621009cecce5f4810186a07dab37b4f37..01cdc4d2e967e8d588785a1e520891c37e41d830 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -310,8 +310,8 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
  
         TALLOC_FREE(frame);
  
  
         TALLOC_FREE(frame);
  
-       status = sid_array_from_info3(mem_ctx, info3, 
-                                     &token->user_sids, 
+       status = sid_array_from_info3(mem_ctx, info3,
+                                     &token->user_sids,
                                       &token->num_sids,
                                       true, false);
         if (!NT_STATUS_IS_OK(status)) {
                                       &token->num_sids,
                                       true, false);
         if (!NT_STATUS_IS_OK(status)) {
@@ -338,13 +338,13 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
                         return NT_STATUS_OK;
                 }
         }
                         return NT_STATUS_OK;
                 }
         }
-       
+
         /* Do not distinguish this error from a wrong username/pw */
  
         return NT_STATUS_LOGON_FAILURE;
  }
  
         /* Do not distinguish this error from a wrong username/pw */
  
         return NT_STATUS_LOGON_FAILURE;
  }
  
-struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state, 
+struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
                                         const char *domain_name)
  {
         struct winbindd_domain *domain;
                                         const char *domain_name)
  {
         struct winbindd_domain *domain;
@@ -353,7 +353,7 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
                 domain = find_domain_from_name_noinit(domain_name);
                 if (domain == NULL) {
                         DEBUG(3, ("Authentication for domain [%s] refused "
                 domain = find_domain_from_name_noinit(domain_name);
                 if (domain == NULL) {
                         DEBUG(3, ("Authentication for domain [%s] refused "
-                                 "as it is not a trusted domain\n", 
+                                 "as it is not a trusted domain\n",
                                   domain_name));
                 }
                 return domain;
                                   domain_name));
                 }
                 return domain;
@@ -370,12 +370,12 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
         if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
                 domain = find_domain_from_name_noinit(domain_name);
                 if (domain == NULL) {
         if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
                 domain = find_domain_from_name_noinit(domain_name);
                 if (domain == NULL) {
-                       DEBUG(3, ("Authentication for domain [%s] skipped " 
-                                 "as it is not a trusted domain\n", 
+                       DEBUG(3, ("Authentication for domain [%s] skipped "
+                                 "as it is not a trusted domain\n",
                                   domain_name));
                 } else {
                         return domain;
                                   domain_name));
                 } else {
                         return domain;
-               } 
+               }
         }
  
         return find_our_domain();
         }
  
         return find_our_domain();
@@ -387,7 +387,7 @@ static void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
         fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
  
         /* we might have given a more useful error above */
         fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
  
         /* we might have given a more useful error above */
-       if (*resp->data.auth.error_string == '\0') 
+       if (*resp->data.auth.error_string == '\0')
                 fstrcpy(resp->data.auth.error_string,
                         get_friendly_nt_error_msg(result));
         resp->data.auth.pam_error = nt_status_to_pam(result);
                 fstrcpy(resp->data.auth.error_string,
                         get_friendly_nt_error_msg(result));
         resp->data.auth.pam_error = nt_status_to_pam(result);
@@ -402,9 +402,9 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
  
         if ( !winbindd_can_contact_domain( domain ) ) {
                 DEBUG(5,("fillup_password_policy: No inbound trust to "
  
         if ( !winbindd_can_contact_domain( domain ) ) {
                 DEBUG(5,("fillup_password_policy: No inbound trust to "
-                        "contact domain %s\n", domain->name));         
+                        "contact domain %s\n", domain->name));
                 return NT_STATUS_NOT_SUPPORTED;
                 return NT_STATUS_NOT_SUPPORTED;
-       }       
+       }
  
         methods = domain->methods;
  
  
         methods = domain->methods;
  
@@ -427,8 +427,8 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
         return NT_STATUS_OK;
  }
  
         return NT_STATUS_OK;
  }
  
-static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain, 
-                                                        TALLOC_CTX *mem_ctx, 
+static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
+                                                        TALLOC_CTX *mem_ctx,
                                                          uint16 *lockout_threshold)
  {
         struct winbindd_methods *methods;
                                                          uint16 *lockout_threshold)
  {
         struct winbindd_methods *methods;
@@ -449,8 +449,8 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
         return NT_STATUS_OK;
  }
  
         return NT_STATUS_OK;
  }
  
-static NTSTATUS get_pwd_properties(struct winbindd_domain *domain, 
-                                  TALLOC_CTX *mem_ctx, 
+static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
+                                  TALLOC_CTX *mem_ctx,
                                    uint32 *password_properties)
  {
         struct winbindd_methods *methods;
                                    uint32 *password_properties)
  {
         struct winbindd_methods *methods;
@@ -473,7 +473,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
  
  #ifdef HAVE_KRB5
  
  
  #ifdef HAVE_KRB5
  
-static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx, 
+static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
                                         const char *type,
                                         uid_t uid,
                                         bool *internal_ccache)
                                         const char *type,
                                         uid_t uid,
                                         bool *internal_ccache)
@@ -532,11 +532,11 @@ static void setup_return_cc_name(struct winbindd_cli_state *state, const char *c
  
         if (!strequal(type, "FILE") &&
             !strequal(type, "WRFILE")) {
  
         if (!strequal(type, "FILE") &&
             !strequal(type, "WRFILE")) {
-               DEBUG(10,("won't return krbccname for a %s type ccache\n", 
+               DEBUG(10,("won't return krbccname for a %s type ccache\n",
                         type));
                 return;
         }
                         type));
                 return;
         }
-       
+
         fstrcpy(state->response.data.auth.krb5ccname, cc);
  }
  
         fstrcpy(state->response.data.auth.krb5ccname, cc);
  }
  
@@ -582,8 +582,8 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
         ZERO_STRUCTP(info3);
  
         *info3 = NULL;
         ZERO_STRUCTP(info3);
  
         *info3 = NULL;
-       
-       /* 1st step: 
+
+       /* 1st step:
          * prepare a krb5_cc_cache string for the user */
  
         uid = get_uid_from_state(state);
          * prepare a krb5_cc_cache string for the user */
  
         uid = get_uid_from_state(state);
@@ -593,31 +593,31 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
  
         cc = generate_krb5_ccache(state->mem_ctx,
                                   state->request.data.auth.krb5_cc_type,
  
         cc = generate_krb5_ccache(state->mem_ctx,
                                   state->request.data.auth.krb5_cc_type,
-                                 state->request.data.auth.uid, 
+                                 state->request.data.auth.uid,
                                   &internal_ccache);
         if (cc == NULL) {
                 return NT_STATUS_NO_MEMORY;
         }
  
  
                                   &internal_ccache);
         if (cc == NULL) {
                 return NT_STATUS_NO_MEMORY;
         }
  
  
-       /* 2nd step: 
+       /* 2nd step:
          * get kerberos properties */
          * get kerberos properties */
-       
+
         if (domain->private_data) {
                 ads = (ADS_STRUCT *)domain->private_data;
         if (domain->private_data) {
                 ads = (ADS_STRUCT *)domain->private_data;
-               time_offset = ads->auth.time_offset; 
+               time_offset = ads->auth.time_offset;
         }
  
  
         }
  
  
-       /* 3rd step: 
+       /* 3rd step:
          * do kerberos auth and setup ccache as the user */
  
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         realm = domain->alt_name;
         strupper_m(realm);
          * do kerberos auth and setup ccache as the user */
  
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         realm = domain->alt_name;
         strupper_m(realm);
-       
-       principal_s = talloc_asprintf(state->mem_ctx, "%s@%s", name_user, realm); 
+
+       principal_s = talloc_asprintf(state->mem_ctx, "%s@%s", name_user, realm);
         if (principal_s == NULL) {
                 return NT_STATUS_NO_MEMORY;
         }
         if (principal_s == NULL) {
                 return NT_STATUS_NO_MEMORY;
         }
@@ -665,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
          * environment */
  
         if (!internal_ccache) {
          * environment */
  
         if (!internal_ccache) {
-               
+
                 setup_return_cc_name(state, cc);
  
                 result = add_ccache_to_list(principal_s,
                 setup_return_cc_name(state, cc);
  
                 result = add_ccache_to_list(principal_s,
@@ -676,11 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
                                             uid,
                                             time(NULL),
                                             ticket_lifetime,
                                             uid,
                                             time(NULL),
                                             ticket_lifetime,
-                                           renewal_until, 
+                                           renewal_until,
                                             False);
  
                 if (!NT_STATUS_IS_OK(result)) {
                                             False);
  
                 if (!NT_STATUS_IS_OK(result)) {
-                       DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n", 
+                       DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
                                 nt_errstr(result)));
                 }
         } else {
                                 nt_errstr(result)));
                 }
         } else {
@@ -836,7 +836,7 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
         }
  
         /* Parse domain and username */
         }
  
         /* Parse domain and username */
-       
+
         ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
  
         if (!canonicalize_username(state->request.data.auth.user,
         ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
  
         if (!canonicalize_username(state->request.data.auth.user,
@@ -869,7 +869,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                                        struct netr_SamInfo3 **info3)
  {
         NTSTATUS result = NT_STATUS_LOGON_FAILURE;
                                        struct netr_SamInfo3 **info3)
  {
         NTSTATUS result = NT_STATUS_LOGON_FAILURE;
-       uint16 max_allowed_bad_attempts; 
+       uint16 max_allowed_bad_attempts;
         fstring name_domain, name_user;
         DOM_SID sid;
         enum lsa_SidType type;
         fstring name_domain, name_user;
         DOM_SID sid;
         enum lsa_SidType type;
@@ -890,7 +890,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
         DEBUG(10,("winbindd_dual_pam_auth_cached\n"));
  
         /* Parse domain and username */
         DEBUG(10,("winbindd_dual_pam_auth_cached\n"));
  
         /* Parse domain and username */
-       
+
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
  
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
  
@@ -908,10 +908,10 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                 return NT_STATUS_LOGON_FAILURE;
         }
  
                 return NT_STATUS_LOGON_FAILURE;
         }
  
-       result = winbindd_get_creds(domain, 
-                                   state->mem_ctx, 
-                                   &sid, 
-                                   &my_info3, 
+       result = winbindd_get_creds(domain,
+                                   state->mem_ctx,
+                                   &sid,
+                                   &my_info3,
                                     &cached_nt_pass,
                                     &cached_salt);
         if (!NT_STATUS_IS_OK(result)) {
                                     &cached_nt_pass,
                                     &cached_salt);
         if (!NT_STATUS_IS_OK(result)) {
@@ -947,31 +947,31 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
  
                 /* User *DOES* know the password, update logon_time and reset
                  * bad_pw_count */
  
                 /* User *DOES* know the password, update logon_time and reset
                  * bad_pw_count */
-       
+
                 my_info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
                 my_info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
-       
+
                 if (my_info3->base.acct_flags & ACB_AUTOLOCK) {
                         return NT_STATUS_ACCOUNT_LOCKED_OUT;
                 }
                 if (my_info3->base.acct_flags & ACB_AUTOLOCK) {
                         return NT_STATUS_ACCOUNT_LOCKED_OUT;
                 }
-       
+
                 if (my_info3->base.acct_flags & ACB_DISABLED) {
                         return NT_STATUS_ACCOUNT_DISABLED;
                 }
                 if (my_info3->base.acct_flags & ACB_DISABLED) {
                         return NT_STATUS_ACCOUNT_DISABLED;
                 }
-       
+
                 if (my_info3->base.acct_flags & ACB_WSTRUST) {
                         return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
                 }
                 if (my_info3->base.acct_flags & ACB_WSTRUST) {
                         return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
                 }
-       
+
                 if (my_info3->base.acct_flags & ACB_SVRTRUST) {
                         return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
                 }
                 if (my_info3->base.acct_flags & ACB_SVRTRUST) {
                         return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
                 }
-       
+
                 if (my_info3->base.acct_flags & ACB_DOMTRUST) {
                         return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
                 }
  
                 if (!(my_info3->base.acct_flags & ACB_NORMAL)) {
                 if (my_info3->base.acct_flags & ACB_DOMTRUST) {
                         return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
                 }
  
                 if (!(my_info3->base.acct_flags & ACB_NORMAL)) {
-                       DEBUG(0,("winbindd_dual_pam_auth_cached: whats wrong with that one?: 0x%08x\n", 
+                       DEBUG(0,("winbindd_dual_pam_auth_cached: whats wrong with that one?: 0x%08x\n",
                                 my_info3->base.acct_flags));
                         return NT_STATUS_LOGON_FAILURE;
                 }
                                 my_info3->base.acct_flags));
                         return NT_STATUS_LOGON_FAILURE;
                 }
@@ -988,7 +988,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                         /* return NT_STATUS_PASSWORD_EXPIRED; */
                         goto success;
                 }
                         /* return NT_STATUS_PASSWORD_EXPIRED; */
                         goto success;
                 }
-       
+
  #ifdef HAVE_KRB5
                 if ((state->request.flags & WBFLAG_PAM_KRB5) &&
                     ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
  #ifdef HAVE_KRB5
                 if ((state->request.flags & WBFLAG_PAM_KRB5) &&
                     ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
@@ -1113,7 +1113,7 @@ failed:
                                                 my_info3);
  
         if (!NT_STATUS_IS_OK(result)) {
                                                 my_info3);
  
         if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(0,("winbindd_dual_pam_auth_cached: failed to update creds %s\n", 
+               DEBUG(0,("winbindd_dual_pam_auth_cached: failed to update creds %s\n",
                         nt_errstr(result)));
         }
  
                         nt_errstr(result)));
         }
  
@@ -1121,7 +1121,7 @@ failed:
  }
  
  NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
  }
  
  NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
-                                        struct winbindd_cli_state *state, 
+                                        struct winbindd_cli_state *state,
                                          struct netr_SamInfo3 **info3)
  {
         struct winbindd_domain *contact_domain;
                                          struct netr_SamInfo3 **info3)
  {
         struct winbindd_domain *contact_domain;
@@ -1129,38 +1129,38 @@ NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
         NTSTATUS result;
  
         DEBUG(10,("winbindd_dual_pam_auth_kerberos\n"));
         NTSTATUS result;
  
         DEBUG(10,("winbindd_dual_pam_auth_kerberos\n"));
-       
+
         /* Parse domain and username */
         /* Parse domain and username */
-       
+
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         /* what domain should we contact? */
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         /* what domain should we contact? */
-       
+
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
-                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n", 
-                                 state->request.data.auth.user, name_domain, name_user, name_domain)); 
+                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+                                 state->request.data.auth.user, name_domain, name_user, name_domain));
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
-               
+
         } else {
                 if (is_myname(name_domain)) {
                         DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
                         result =  NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
         } else {
                 if (is_myname(name_domain)) {
                         DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
                         result =  NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
-               
+
                 contact_domain = find_domain_from_name(name_domain);
                 if (contact_domain == NULL) {
                 contact_domain = find_domain_from_name(name_domain);
                 if (contact_domain == NULL) {
-                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n", 
-                                 state->request.data.auth.user, name_domain, name_user, name_domain)); 
+                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+                                 state->request.data.auth.user, name_domain, name_user, name_domain));
  
                         contact_domain = find_our_domain();
                 }
         }
  
  
                         contact_domain = find_our_domain();
                 }
         }
  
-       if (contact_domain->initialized && 
+       if (contact_domain->initialized &&
             contact_domain->active_directory) {
                 goto try_login;
         }
             contact_domain->active_directory) {
                 goto try_login;
         }
@@ -1212,13 +1212,13 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
         *info3 = NULL;
  
         DEBUG(10,("winbindd_dual_pam_auth_samlogon\n"));
         *info3 = NULL;
  
         DEBUG(10,("winbindd_dual_pam_auth_samlogon\n"));
-       
+
         /* Parse domain and username */
         /* Parse domain and username */
-       
+
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         /* do password magic */
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
  
         /* do password magic */
-       
+
  
         generate_random_buffer(chal, 8);
         if (lp_client_ntlmv2_auth()) {
  
         generate_random_buffer(chal, 8);
         if (lp_client_ntlmv2_auth()) {
@@ -1226,17 +1226,17 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                 DATA_BLOB names_blob;
                 DATA_BLOB nt_response;
                 DATA_BLOB lm_response;
                 DATA_BLOB names_blob;
                 DATA_BLOB nt_response;
                 DATA_BLOB lm_response;
-               server_chal = data_blob_talloc(state->mem_ctx, chal, 8); 
-               
+               server_chal = data_blob_talloc(state->mem_ctx, chal, 8);
+
                 /* note that the 'workgroup' here is a best guess - we don't know
                    the server's domain at this point.  The 'server name' is also
                 /* note that the 'workgroup' here is a best guess - we don't know
                    the server's domain at this point.  The 'server name' is also
-                  dodgy... 
+                  dodgy...
                 */
                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
                 */
                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
-               
-               if (!SMBNTLMv2encrypt(name_user, name_domain, 
-                                     state->request.data.auth.pass, 
-                                     &server_chal, 
+
+               if (!SMBNTLMv2encrypt(name_user, name_domain,
+                                     state->request.data.auth.pass,
+                                     &server_chal,
                                       &names_blob,
                                       &lm_response, &nt_response, NULL)) {
                         data_blob_free(&names_blob);
                                       &names_blob,
                                       &lm_response, &nt_response, NULL)) {
                         data_blob_free(&names_blob);
@@ -1255,35 +1255,35 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                 data_blob_free(&nt_response);
  
         } else {
                 data_blob_free(&nt_response);
  
         } else {
-               if (lp_client_lanman_auth() 
-                   && SMBencrypt(state->request.data.auth.pass, 
-                                 chal, 
+               if (lp_client_lanman_auth()
+                   && SMBencrypt(state->request.data.auth.pass,
+                                 chal,
                                   local_lm_response)) {
                                   local_lm_response)) {
-                       lm_resp = data_blob_talloc(state->mem_ctx, 
-                                                  local_lm_response, 
+                       lm_resp = data_blob_talloc(state->mem_ctx,
+                                                  local_lm_response,
                                                    sizeof(local_lm_response));
                 } else {
                         lm_resp = data_blob_null;
                 }
                                                    sizeof(local_lm_response));
                 } else {
                         lm_resp = data_blob_null;
                 }
-               SMBNTencrypt(state->request.data.auth.pass, 
+               SMBNTencrypt(state->request.data.auth.pass,
                              chal,
                              local_nt_response);
  
                              chal,
                              local_nt_response);
  
-               nt_resp = data_blob_talloc(state->mem_ctx, 
-                                          local_nt_response, 
+               nt_resp = data_blob_talloc(state->mem_ctx,
+                                          local_nt_response,
                                            sizeof(local_nt_response));
         }
                                            sizeof(local_nt_response));
         }
-       
+
         /* what domain should we contact? */
         /* what domain should we contact? */
-       
+
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
-                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n", 
-                                 state->request.data.auth.user, name_domain, name_user, name_domain)); 
+                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+                                 state->request.data.auth.user, name_domain, name_user, name_domain));
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
-               
+
         } else {
                 if (is_myname(name_domain)) {
                         DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
         } else {
                 if (is_myname(name_domain)) {
                         DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
@@ -1312,7 +1312,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                 /* It is really important to try SamLogonEx here,
                  * because in a clustered environment, we want to use
                  * one machine account from multiple physical
                 /* It is really important to try SamLogonEx here,
                  * because in a clustered environment, we want to use
                  * one machine account from multiple physical
-                * computers.  
+                * computers.
                  *
                  * With a normal SamLogon call, we must keep the
                  * credentials chain updated and intact between all
                  *
                  * With a normal SamLogon call, we must keep the
                  * credentials chain updated and intact between all
@@ -1326,7 +1326,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                  * When using SamLogonEx, the credentials are not
                  * supplied, but the session key is implied by the
                  * wrapping SamLogon context.
                  * When using SamLogonEx, the credentials are not
                  * supplied, but the session key is implied by the
                  * wrapping SamLogon context.
-                * 
+                *
                  *  -- abartlet 21 April 2008
                  */
  
                  *  -- abartlet 21 April 2008
                  */
  
@@ -1364,12 +1364,12 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                         retry = True;
                         continue;
                 }
                         retry = True;
                         continue;
                 }
-               
+
                 /* if we get access denied, a possible cause was that we had
                    and open connection to the DC, but someone changed our
                    machine account password out from underneath us using 'net
                    rpc changetrustpw' */
                 /* if we get access denied, a possible cause was that we had
                    and open connection to the DC, but someone changed our
                    machine account password out from underneath us using 'net
                    rpc changetrustpw' */
-                  
+
                 if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
                         DEBUG(3,("winbindd_pam_auth: sam_logon returned "
                                  "ACCESS_DENIED.  Maybe the trust account "
                 if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
                         DEBUG(3,("winbindd_pam_auth: sam_logon returned "
                                  "ACCESS_DENIED.  Maybe the trust account "
@@ -1378,15 +1378,15 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                                 name_domain));
                         invalidate_cm_connection(&contact_domain->conn);
                         retry = True;
                                 name_domain));
                         invalidate_cm_connection(&contact_domain->conn);
                         retry = True;
-               } 
-               
+               }
+
         } while ( (attempts < 2) && retry );
  
         /* handle the case where a NT4 DC does not fill in the acct_flags in
          * the samlogon reply info3. When accurate info3 is required by the
          * caller, we look up the account flags ourselve - gd */
  
         } while ( (attempts < 2) && retry );
  
         /* handle the case where a NT4 DC does not fill in the acct_flags in
          * the samlogon reply info3. When accurate info3 is required by the
          * caller, we look up the account flags ourselve - gd */
  
-       if ((state->request.flags & WBFLAG_PAM_INFO3_TEXT) && 
+       if ((state->request.flags & WBFLAG_PAM_INFO3_TEXT) &&
             NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) {
  
                 struct rpc_pipe_client *samr_pipe;
             NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) {
  
                 struct rpc_pipe_client *samr_pipe;
@@ -1395,11 +1395,11 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
                 NTSTATUS status_tmp;
                 uint32 acct_flags;
  
                 NTSTATUS status_tmp;
                 uint32 acct_flags;
  
-               status_tmp = cm_connect_sam(contact_domain, state->mem_ctx, 
+               status_tmp = cm_connect_sam(contact_domain, state->mem_ctx,
                                             &samr_pipe, &samr_domain_handle);
  
                 if (!NT_STATUS_IS_OK(status_tmp)) {
                                             &samr_pipe, &samr_domain_handle);
  
                 if (!NT_STATUS_IS_OK(status_tmp)) {
-                       DEBUG(3, ("could not open handle to SAMR pipe: %s\n", 
+                       DEBUG(3, ("could not open handle to SAMR pipe: %s\n",
                                 nt_errstr(status_tmp)));
                         goto done;
                 }
                                 nt_errstr(status_tmp)));
                         goto done;
                 }
@@ -1448,10 +1448,10 @@ done:
  }
  
  enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
  }
  
  enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
-                                           struct winbindd_cli_state *state) 
+                                           struct winbindd_cli_state *state)
  {
         NTSTATUS result = NT_STATUS_LOGON_FAILURE;
  {
         NTSTATUS result = NT_STATUS_LOGON_FAILURE;
-       NTSTATUS krb5_result = NT_STATUS_OK;    
+       NTSTATUS krb5_result = NT_STATUS_OK;
         fstring name_domain, name_user;
         struct netr_SamInfo3 *info3 = NULL;
  
         fstring name_domain, name_user;
         struct netr_SamInfo3 *info3 = NULL;
  
@@ -1470,7 +1470,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
         }
  
         /* Parse domain and username */
         }
  
         /* Parse domain and username */
-       
+
         ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
  
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
         ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
  
         parse_domain_user(state->request.data.auth.user, name_domain, name_user);
@@ -1494,11 +1494,11 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
  
         /* Check for Kerberos authentication */
         if (domain->online && (state->request.flags & WBFLAG_PAM_KRB5)) {
  
         /* Check for Kerberos authentication */
         if (domain->online && (state->request.flags & WBFLAG_PAM_KRB5)) {
-       
+
                 result = winbindd_dual_pam_auth_kerberos(domain, state, &info3);
                 /* save for later */
                 krb5_result = result;
                 result = winbindd_dual_pam_auth_kerberos(domain, state, &info3);
                 /* save for later */
                 krb5_result = result;
-               
+
  
                 if (NT_STATUS_IS_OK(result)) {
                         DEBUG(10,("winbindd_dual_pam_auth_kerberos succeeded\n"));
  
                 if (NT_STATUS_IS_OK(result)) {
                         DEBUG(10,("winbindd_dual_pam_auth_kerberos succeeded\n"));
@@ -1512,7 +1512,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
                     NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
                         DEBUG(10,("winbindd_dual_pam_auth_kerberos setting domain to offline\n"));
                         set_domain_offline( domain );
                     NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
                         DEBUG(10,("winbindd_dual_pam_auth_kerberos setting domain to offline\n"));
                         set_domain_offline( domain );
-                       goto cached_logon;                      
+                       goto cached_logon;
                 }
  
                 /* there are quite some NT_STATUS errors where there is no
                 }
  
                 /* there are quite some NT_STATUS errors where there is no
@@ -1531,7 +1531,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
                     NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) {
                         goto process_result;
                 }
                     NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) {
                         goto process_result;
                 }
-               
+
                 if (state->request.flags & WBFLAG_PAM_FALLBACK_AFTER_KRB5) {
                         DEBUG(3,("falling back to samlogon\n"));
                         goto sam_logon;
                 if (state->request.flags & WBFLAG_PAM_FALLBACK_AFTER_KRB5) {
                         DEBUG(3,("falling back to samlogon\n"));
                         goto sam_logon;
@@ -1544,7 +1544,7 @@ sam_logon:
         /* Check for Samlogon authentication */
         if (domain->online) {
                 result = winbindd_dual_pam_auth_samlogon(domain, state, &info3);
         /* Check for Samlogon authentication */
         if (domain->online) {
                 result = winbindd_dual_pam_auth_samlogon(domain, state, &info3);
-       
+
                 if (NT_STATUS_IS_OK(result)) {
                         DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n"));
                         /* add the Krb5 err if we have one */
                 if (NT_STATUS_IS_OK(result)) {
                         DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n"));
                         /* add the Krb5 err if we have one */
@@ -1552,18 +1552,18 @@ sam_logon:
                                 info3->base.user_flags |= LOGON_KRB5_FAIL_CLOCK_SKEW;
                         }
                         goto process_result;
                                 info3->base.user_flags |= LOGON_KRB5_FAIL_CLOCK_SKEW;
                         }
                         goto process_result;
-               } 
+               }
  
  
-                       DEBUG(10,("winbindd_dual_pam_auth_samlogon failed: %s\n", 
+               DEBUG(10,("winbindd_dual_pam_auth_samlogon failed: %s\n",
                           nt_errstr(result)));
  
                 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS) ||
                     NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
                           nt_errstr(result)));
  
                 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS) ||
                     NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
-                   NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) 
+                   NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND))
                 {
                         DEBUG(10,("winbindd_dual_pam_auth_samlogon setting domain to offline\n"));
                         set_domain_offline( domain );
                 {
                         DEBUG(10,("winbindd_dual_pam_auth_samlogon setting domain to offline\n"));
                         set_domain_offline( domain );
-                       goto cached_logon;                      
+                       goto cached_logon;
                 }
  
                         if (domain->online) {
                 }
  
                         if (domain->online) {
@@ -1574,9 +1574,9 @@ sam_logon:
  
  cached_logon:
         /* Check for Cached logons */
  
  cached_logon:
         /* Check for Cached logons */
-       if (!domain->online && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN) && 
+       if (!domain->online && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN) &&
             lp_winbind_offline_logon()) {
             lp_winbind_offline_logon()) {
-       
+
                 result = winbindd_dual_pam_auth_cached(domain, state, &info3);
  
                 if (NT_STATUS_IS_OK(result)) {
                 result = winbindd_dual_pam_auth_cached(domain, state, &info3);
  
                 if (NT_STATUS_IS_OK(result)) {
@@ -1591,7 +1591,7 @@ cached_logon:
  process_result:
  
         if (NT_STATUS_IS_OK(result)) {
  process_result:
  
         if (NT_STATUS_IS_OK(result)) {
-       
+
                 DOM_SID user_sid;
  
                 /* In all codepaths where result == NT_STATUS_OK info3 must have
                 DOM_SID user_sid;
  
                 /* In all codepaths where result == NT_STATUS_OK info3 must have
@@ -1608,19 +1608,19 @@ process_result:
                    this is our primary domain so we don't invalidate
                    the cache entry by storing the seq_num for the wrong
                    domain). */
                    this is our primary domain so we don't invalidate
                    the cache entry by storing the seq_num for the wrong
                    domain). */
-               if ( domain->primary ) {                        
+               if ( domain->primary ) {
                         sid_compose(&user_sid, info3->base.domain_sid,
                                     info3->base.rid);
                         sid_compose(&user_sid, info3->base.domain_sid,
                                     info3->base.rid);
-                       cache_name2sid(domain, name_domain, name_user, 
+                       cache_name2sid(domain, name_domain, name_user,
                                        SID_NAME_USER, &user_sid);
                 }
                                        SID_NAME_USER, &user_sid);
                 }
-               
+
                 /* Check if the user is in the right group */
  
                 if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, info3,
                                         state->request.data.auth.require_membership_of_sid))) {
                         DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n",
                 /* Check if the user is in the right group */
  
                 if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, info3,
                                         state->request.data.auth.require_membership_of_sid))) {
                         DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n",
-                                 state->request.data.auth.user, 
+                                 state->request.data.auth.user,
                                   state->request.data.auth.require_membership_of_sid));
                         goto done;
                 }
                                   state->request.data.auth.require_membership_of_sid));
                         goto done;
                 }
@@ -1665,8 +1665,8 @@ process_result:
  
                         /* This is not entirely correct I believe, but it is
                            consistent.  Only apply the password policy settings
  
                         /* This is not entirely correct I believe, but it is
                            consistent.  Only apply the password policy settings
-                          too warn users for our own domain.  Cannot obtain these 
-                          from trusted DCs all the  time so don't do it at all. 
+                          too warn users for our own domain.  Cannot obtain these
+                          from trusted DCs all the  time so don't do it at all.
                            -- jerry */
  
                         result = NT_STATUS_NOT_SUPPORTED;
                            -- jerry */
  
                         result = NT_STATUS_NOT_SUPPORTED;
@@ -1674,16 +1674,16 @@ process_result:
                                 result = fillup_password_policy(our_domain, state);
                         }
  
                                 result = fillup_password_policy(our_domain, state);
                         }
  
-                       if (!NT_STATUS_IS_OK(result) 
-                           && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) 
+                       if (!NT_STATUS_IS_OK(result)
+                           && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
                         {
                         {
-                               DEBUG(10,("Failed to get password policies for domain %s: %s\n", 
+                               DEBUG(10,("Failed to get password policies for domain %s: %s\n",
                                           domain->name, nt_errstr(result)));
                                 goto done;
                         }
                 }
  
                                           domain->name, nt_errstr(result)));
                                 goto done;
                         }
                 }
  
-               result = NT_STATUS_OK;          
+               result = NT_STATUS_OK;
         }
  
  done:
         }
  
  done:
@@ -1692,26 +1692,26 @@ done:
             (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
                 result = NT_STATUS_NO_LOGON_SERVERS;
         }
             (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
                 result = NT_STATUS_NO_LOGON_SERVERS;
         }
-       
+
         state->response.data.auth.nt_status = NT_STATUS_V(result);
         fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
  
         /* we might have given a more useful error above */
         state->response.data.auth.nt_status = NT_STATUS_V(result);
         fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
  
         /* we might have given a more useful error above */
-       if (!*state->response.data.auth.error_string) 
+       if (!*state->response.data.auth.error_string)
                 fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
                 fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", 
-             state->request.data.auth.user, 
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n",
+             state->request.data.auth.user,
               state->response.data.auth.nt_status_string,
               state->response.data.auth.nt_status_string,
-             state->response.data.auth.pam_error));          
+             state->response.data.auth.pam_error));
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
  
  
  /**********************************************************************
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
  
  
  /**********************************************************************
- Challenge Response Authentication Protocol 
+ Challenge Response Authentication Protocol
  **********************************************************************/
  
  void winbindd_pam_auth_crap(struct winbindd_cli_state *state)
  **********************************************************************/
  
  void winbindd_pam_auth_crap(struct winbindd_cli_state *state)
@@ -1775,7 +1775,7 @@ void winbindd_pam_auth_crap(struct winbindd_cli_state *state)
         set_auth_errors(&state->response, result);
         DEBUG(5, ("CRAP authentication for %s\\%s returned %s (PAM: %d)\n",
                   state->request.data.auth_crap.domain,
         set_auth_errors(&state->response, result);
         DEBUG(5, ("CRAP authentication for %s\\%s returned %s (PAM: %d)\n",
                   state->request.data.auth_crap.domain,
-                 state->request.data.auth_crap.user, 
+                 state->request.data.auth_crap.user,
                   state->response.data.auth.nt_status_string,
                   state->response.data.auth.pam_error));
         request_error(state);
                   state->response.data.auth.nt_status_string,
                   state->response.data.auth.pam_error));
         request_error(state);
@@ -1784,7 +1784,7 @@ void winbindd_pam_auth_crap(struct winbindd_cli_state *state)
  
  
  enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
  
  
  enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
-                                                struct winbindd_cli_state *state) 
+                                                struct winbindd_cli_state *state)
  {
         NTSTATUS result;
         struct netr_SamInfo3 *info3 = NULL;
  {
         NTSTATUS result;
         struct netr_SamInfo3 *info3 = NULL;
@@ -1817,7 +1817,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
         } else if (lp_winbind_use_default_domain()) {
                 name_domain = lp_workgroup();
         } else {
         } else if (lp_winbind_use_default_domain()) {
                 name_domain = lp_workgroup();
         } else {
-               DEBUG(5,("no domain specified with username (%s) - failing auth\n", 
+               DEBUG(5,("no domain specified with username (%s) - failing auth\n",
                          name_user));
                 result = NT_STATUS_NO_SUCH_USER;
                 goto done;
                          name_user));
                 result = NT_STATUS_NO_SUCH_USER;
                 goto done;
@@ -1825,7 +1825,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
  
         DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n", (unsigned long)state->pid,
                   name_domain, name_user));
  
         DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n", (unsigned long)state->pid,
                   name_domain, name_user));
-          
+
         if (*state->request.data.auth_crap.workstation) {
                 workstation = state->request.data.auth_crap.workstation;
         } else {
         if (*state->request.data.auth_crap.workstation) {
                 workstation = state->request.data.auth_crap.workstation;
         } else {
@@ -1834,8 +1834,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
  
         if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp)
                 || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
  
         if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp)
                 || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
-               DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", 
-                         state->request.data.auth_crap.lm_resp_len, 
+               DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
+                         state->request.data.auth_crap.lm_resp_len,
                           state->request.data.auth_crap.nt_resp_len));
                 result = NT_STATUS_INVALID_PARAMETER;
                 goto done;
                           state->request.data.auth_crap.nt_resp_len));
                 result = NT_STATUS_INVALID_PARAMETER;
                 goto done;
@@ -1847,11 +1847,11 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
                                         state->request.data.auth_crap.nt_resp_len);
  
         /* what domain should we contact? */
                                         state->request.data.auth_crap.nt_resp_len);
  
         /* what domain should we contact? */
-       
+
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
         if ( IS_DC ) {
                 if (!(contact_domain = find_domain_from_name(name_domain))) {
-                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n", 
-                                 state->request.data.auth_crap.user, name_domain, name_user, name_domain)); 
+                       DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+                                 state->request.data.auth_crap.user, name_domain, name_user, name_domain));
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
                         result = NT_STATUS_NO_SUCH_USER;
                         goto done;
                 }
@@ -1887,7 +1887,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
                                   state->request.data.auth_crap.logon_parameters,
                                   contact_domain->dcname,
                                   name_user,
                                   state->request.data.auth_crap.logon_parameters,
                                   contact_domain->dcname,
                                   name_user,
-                                 name_domain, 
+                                 name_domain,
                                   /* Bug #3248 - found by Stefan Burkei. */
                                   workstation, /* We carefully set this above so use it... */
                                   state->request.data.auth_crap.chal,
                                   /* Bug #3248 - found by Stefan Burkei. */
                                   workstation, /* We carefully set this above so use it... */
                                   state->request.data.auth_crap.chal,
@@ -1918,7 +1918,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
                 /* if we get access denied, a possible cause was that we had and open
                    connection to the DC, but someone changed our machine account password
                    out from underneath us using 'net rpc changetrustpw' */
                 /* if we get access denied, a possible cause was that we had and open
                    connection to the DC, but someone changed our machine account password
                    out from underneath us using 'net rpc changetrustpw' */
-                  
+
                 if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
                         DEBUG(3,("winbindd_pam_auth: sam_logon returned "
                                  "ACCESS_DENIED.  Maybe the trust account "
                 if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
                         DEBUG(3,("winbindd_pam_auth: sam_logon returned "
                                  "ACCESS_DENIED.  Maybe the trust account "
@@ -1927,7 +1927,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
                                 name_domain));
                         invalidate_cm_connection(&contact_domain->conn);
                         retry = True;
                                 name_domain));
                         invalidate_cm_connection(&contact_domain->conn);
                         retry = True;
-               } 
+               }
  
         } while ( (attempts < 2) && retry );
  
  
         } while ( (attempts < 2) && retry );
  
@@ -1942,7 +1942,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
                                                         state->request.data.auth_crap.require_membership_of_sid))) {
                         DEBUG(3, ("User %s is not in the required group (%s), so "
                                   "crap authentication is rejected\n",
                                                         state->request.data.auth_crap.require_membership_of_sid))) {
                         DEBUG(3, ("User %s is not in the required group (%s), so "
                                   "crap authentication is rejected\n",
-                                 state->request.data.auth_crap.user, 
+                                 state->request.data.auth_crap.user,
                                   state->request.data.auth_crap.require_membership_of_sid));
                         goto done;
                 }
                                   state->request.data.auth_crap.require_membership_of_sid));
                         goto done;
                 }
@@ -1974,12 +1974,12 @@ done:
         }
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
         }
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
-             ("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n", 
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+             ("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n",
                name_domain,
                name_user,
                state->response.data.auth.nt_status_string,
                name_domain,
                name_user,
                state->response.data.auth.nt_status_string,
-              state->response.data.auth.pam_error));         
+              state->response.data.auth.pam_error));
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
@@ -2002,7 +2002,7 @@ void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
                 set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
                 DEBUG(5, ("winbindd_pam_chauthtok: canonicalize_username %s failed with %s"
                           "(PAM: %d)\n",
                 set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
                 DEBUG(5, ("winbindd_pam_chauthtok: canonicalize_username %s failed with %s"
                           "(PAM: %d)\n",
-                         state->request.data.auth.user, 
+                         state->request.data.auth.user,
                           state->response.data.auth.nt_status_string,
                           state->response.data.auth.pam_error));
                 request_error(state);
                           state->response.data.auth.nt_status_string,
                           state->response.data.auth.pam_error));
                 request_error(state);
@@ -2012,8 +2012,8 @@ void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
         contact_domain = find_domain_from_name(domain);
         if (!contact_domain) {
                 set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
         contact_domain = find_domain_from_name(domain);
         if (!contact_domain) {
                 set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
-               DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", 
-                         state->request.data.chauthtok.user, domain, user, domain)); 
+               DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n",
+                         state->request.data.chauthtok.user, domain, user, domain));
                 request_error(state);
                 return;
         }
                 request_error(state);
                 return;
         }
@@ -2092,18 +2092,18 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
  
                 DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n",
                         nt_errstr(result)));
  
                 DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n",
                         nt_errstr(result)));
-               
+
                 result = rpccli_samr_chgpasswd_user2(cli, state->mem_ctx, user, newpass, oldpass);
  
                 /* Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION.
                    Map to the same status code as Windows 2003. */
  
                 if ( NT_STATUS_EQUAL(NT_STATUS_ACCOUNT_RESTRICTION, result ) ) {
                 result = rpccli_samr_chgpasswd_user2(cli, state->mem_ctx, user, newpass, oldpass);
  
                 /* Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION.
                    Map to the same status code as Windows 2003. */
  
                 if ( NT_STATUS_EQUAL(NT_STATUS_ACCOUNT_RESTRICTION, result ) ) {
-                       result = NT_STATUS_PASSWORD_RESTRICTION;                        
+                       result = NT_STATUS_PASSWORD_RESTRICTION;
                 }
         }
  
                 }
         }
  
-done: 
+done:
  
         if (NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN)) {
  
  
         if (NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN)) {
  
@@ -2151,7 +2151,7 @@ done:
         if (!NT_STATUS_IS_OK(result) && !got_info && contact_domain) {
  
                 NTSTATUS policy_ret;
         if (!NT_STATUS_IS_OK(result) && !got_info && contact_domain) {
  
                 NTSTATUS policy_ret;
-               
+
                 policy_ret = fillup_password_policy(contact_domain, state);
  
                 /* failure of this is non critical, it will just provide no
                 policy_ret = fillup_password_policy(contact_domain, state);
  
                 /* failure of this is non critical, it will just provide no
@@ -2171,12 +2171,12 @@ process_result:
         fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
         fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
-             ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n", 
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+             ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n",
                domain,
                user,
                state->response.data.auth.nt_status_string,
                domain,
                user,
                state->response.data.auth.nt_status_string,
-              state->response.data.auth.pam_error));         
+              state->response.data.auth.pam_error));
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
@@ -2211,7 +2211,7 @@ void winbindd_pam_logoff(struct winbindd_cli_state *state)
         }
  
         if ((sys_getpeereid(state->sock, &caller_uid)) != 0) {
         }
  
         if ((sys_getpeereid(state->sock, &caller_uid)) != 0) {
-               DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n", 
+               DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n",
                         strerror(errno)));
                 goto failed;
         }
                         strerror(errno)));
                 goto failed;
         }
@@ -2247,7 +2247,7 @@ void winbindd_pam_logoff(struct winbindd_cli_state *state)
  }
  
  enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
  }
  
  enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
-                                             struct winbindd_cli_state *state) 
+                                             struct winbindd_cli_state *state)
  {
         NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
  
  {
         NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
  
@@ -2265,7 +2265,7 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
         }
  
  #ifdef HAVE_KRB5
         }
  
  #ifdef HAVE_KRB5
-       
+
         if (state->request.data.logoff.uid < 0) {
                 DEBUG(0,("winbindd_pam_logoff: invalid uid\n"));
                 goto process_result;
         if (state->request.data.logoff.uid < 0) {
                 DEBUG(0,("winbindd_pam_logoff: invalid uid\n"));
                 goto process_result;
@@ -2280,7 +2280,7 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
                 goto process_result;
         }
  
                 goto process_result;
         }
  
-       if (!ccache_entry_identical(state->request.data.logoff.user, 
+       if (!ccache_entry_identical(state->request.data.logoff.user,
                                         state->request.data.logoff.uid,
                                         state->request.data.logoff.krb5ccname)) {
                 DEBUG(0,("winbindd_pam_logoff: cached entry differs.\n"));
                                         state->request.data.logoff.uid,
                                         state->request.data.logoff.krb5ccname)) {
                 DEBUG(0,("winbindd_pam_logoff: cached entry differs.\n"));
@@ -2322,12 +2322,12 @@ void winbindd_pam_chng_pswd_auth_crap(struct winbindd_cli_state *state)
                 sizeof(state->request.data.chng_pswd_auth_crap.user)-1]=0;
         state->request.data.chng_pswd_auth_crap.domain[
                 sizeof(state->request.data.chng_pswd_auth_crap.domain)-1]=0;
                 sizeof(state->request.data.chng_pswd_auth_crap.user)-1]=0;
         state->request.data.chng_pswd_auth_crap.domain[
                 sizeof(state->request.data.chng_pswd_auth_crap.domain)-1]=0;
-       
+
         DEBUG(3, ("[%5lu]: pam change pswd auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid,
                   state->request.data.chng_pswd_auth_crap.domain,
                   state->request.data.chng_pswd_auth_crap.user));
         DEBUG(3, ("[%5lu]: pam change pswd auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid,
                   state->request.data.chng_pswd_auth_crap.domain,
                   state->request.data.chng_pswd_auth_crap.user));
-       
+
         if (*state->request.data.chng_pswd_auth_crap.domain != '\0') {
                 domain_name = state->request.data.chng_pswd_auth_crap.domain;
         } else if (lp_winbind_use_default_domain()) {
         if (*state->request.data.chng_pswd_auth_crap.domain != '\0') {
                 domain_name = state->request.data.chng_pswd_auth_crap.domain;
         } else if (lp_winbind_use_default_domain()) {
@@ -2347,7 +2347,7 @@ void winbindd_pam_chng_pswd_auth_crap(struct winbindd_cli_state *state)
         set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
         DEBUG(5, ("CRAP change password  for %s\\%s returned %s (PAM: %d)\n",
                   state->request.data.chng_pswd_auth_crap.domain,
         set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
         DEBUG(5, ("CRAP change password  for %s\\%s returned %s (PAM: %d)\n",
                   state->request.data.chng_pswd_auth_crap.domain,
-                 state->request.data.chng_pswd_auth_crap.user, 
+                 state->request.data.chng_pswd_auth_crap.user,
                   state->response.data.auth.nt_status_string,
                   state->response.data.auth.pam_error));
         request_error(state);
                   state->response.data.auth.nt_status_string,
                   state->response.data.auth.pam_error));
         request_error(state);
@@ -2373,7 +2373,7 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
                 sizeof(state->request.data.chng_pswd_auth_crap.domain)-1]=0;
         *domain = 0;
         *user = 0;
                 sizeof(state->request.data.chng_pswd_auth_crap.domain)-1]=0;
         *domain = 0;
         *user = 0;
-       
+
         DEBUG(3, ("[%5lu]: pam change pswd auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid,
                   state->request.data.chng_pswd_auth_crap.domain,
         DEBUG(3, ("[%5lu]: pam change pswd auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid,
                   state->request.data.chng_pswd_auth_crap.domain,
@@ -2411,7 +2411,7 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
  
         DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid, domain, user));
  
         DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n",
                   (unsigned long)state->pid, domain, user));
-       
+
         /* Change password */
         new_nt_password = data_blob_talloc(
                 state->mem_ctx,
         /* Change password */
         new_nt_password = data_blob_talloc(
                 state->mem_ctx,
@@ -2450,18 +2450,18 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
                 cli, state->mem_ctx, user, new_nt_password, old_nt_hash_enc,
                 new_lm_password, old_lm_hash_enc);
  
                 cli, state->mem_ctx, user, new_nt_password, old_nt_hash_enc,
                 new_lm_password, old_lm_hash_enc);
  
- done:    
+ done:
         state->response.data.auth.nt_status = NT_STATUS_V(result);
         fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
         fstrcpy(state->response.data.auth.error_string,
                 get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
         state->response.data.auth.nt_status = NT_STATUS_V(result);
         fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
         fstrcpy(state->response.data.auth.error_string,
                 get_friendly_nt_error_msg(result));
         state->response.data.auth.pam_error = nt_status_to_pam(result);
  
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
-             ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n", 
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+             ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n",
                domain, user,
                state->response.data.auth.nt_status_string,
                domain, user,
                state->response.data.auth.nt_status_string,
-              state->response.data.auth.pam_error));         
+              state->response.data.auth.pam_error));
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }
  
         return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
  }