The Samba-Bugzilla – Attachment 7287 Details for
Bug 8734
When using PAM_AUTH API from winbind if Kerberos auth is enabled, samba will authenticate user with a bogus domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.next
0001-s3-winbind-don-t-try-to-do-clever-thing-if-the-usern.patch (text/plain), 1.36 KB, created by
Jeremy Allison
on 2012-02-02 20:58:35 UTC
(
hide
)
Description:
git-am fix for 3.6.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2012-02-02 20:58:35 UTC
Size:
1.36 KB
patch
obsolete
>From 06b77c75a67f6478f1956c597d37dc495061b232 Mon Sep 17 00:00:00 2001 >From: Matthieu Patou <mat@matws.net> >Date: Mon, 30 Jan 2012 00:05:08 -0800 >Subject: [PATCH] s3-winbind: don't try to do clever thing if the username is > not found while authenticating through winbind > >This could cause that we authenticate a user with a bogus domain to >winbind's domain if the password supplied for the PAM_AUTH match. > >The problem was reported by Jeff Venable (jvenable@juniper.net). >Patch from Andrew Bartlett (abartlett@samba.org). > >Autobuild-User: Matthieu Patou <mat@samba.org> >Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104 >(cherry picked from commit 56d5cb938651b9c67a8400d1adc61a23889a6a29) >--- > source3/winbindd/winbindd_pam.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index bde16b1..79189ba 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -1078,7 +1078,8 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain, > DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n", > state->request->data.auth.user, name_domain, name_user, name_domain)); > >- contact_domain = find_our_domain(); >+ result = NT_STATUS_NO_SUCH_USER; >+ goto done; > } > } > >-- >1.7.7.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review?
(
mat
)
Actions:
View
Attachments on
bug 8734
: 7287