The branch, v3-6-test has been updated
via a1ea963 s3-winbind: don't try to do clever thing if the username is
not found while authenticating through winbind
from e86ad41 Fix for bug #8727 - smbclient fails with posix large reads.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit a1ea9634fd07d1a949b9f772c36fcfb84c2f230f
Author: Matthieu Patou <[email protected]>
Date: Mon Jan 30 00:05:08 2012 -0800
s3-winbind: don't try to do clever thing if the username is not found while
authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable ([email protected]).
Patch from Andrew Bartlett ([email protected]).
Autobuild-User: Matthieu Patou <[email protected]>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
(cherry picked from commit 56d5cb938651b9c67a8400d1adc61a23889a6a29)
Fix bug #8734 (When using PAM_AUTH API from winbind if Kerberos auth is
enabled,
samba will authenticate user with a bogus domain).
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bde16b1..79189ba 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1078,7 +1078,8 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct
winbindd_domain *domain,
DEBUG(3, ("Authentication for domain for [%s] ->
[%s]\\[%s] failed as %s is not a trusted domain\n",
state->request->data.auth.user, name_domain,
name_user, name_domain));
- contact_domain = find_our_domain();
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
}
}
--
Samba Shared Repository
