From fb42e0317389bb61c2c3fb7c55e0ff8cf13a40c8 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Mon, 27 Mar 2017 15:11:08 -0700 Subject: [PATCH] winbindd: Fix password policy for pam authentication Authenticating users from trusted domains would return the password policy of the joined domain. Fix the code so that the password policy of the joined domain is only returned for users from that domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725 Signed-off-by: Christof Schmitt Reviewed-by: Andreas Schneider Autobuild-User(master): Christof Schmitt Autobuild-Date(master): Wed Mar 29 22:54:47 CEST 2017 on sn-devel-144 (cherry picked from commit bc39fb07ced84af4d97853d00d07fb4293352686) --- source3/winbindd/winbindd_pam.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 741a42f..292f550 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1900,7 +1900,7 @@ process_result: -- jerry */ result = NT_STATUS_NOT_SUPPORTED; - if (our_domain == domain ) { + if (strequal(name_domain, our_domain->name)) { result = fillup_password_policy( our_domain, state->response); } @@ -1908,8 +1908,9 @@ process_result: if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) { - DEBUG(10,("Failed to get password policies for domain %s: %s\n", - domain->name, nt_errstr(result))); + DBG_DEBUG("Failed to get password policies for " + "domain %s: %s\n", our_domain->name, + nt_errstr(result)); goto done; } } -- 1.8.3.1