Fix bug #7589 - ntlm_auth fails to use cached credentials.
commit b8f9c3c9bb89f8be61452d530b2b8d3c1debe9bc
author Jeremy Allison <jra@samba.org>
Thu, 29 Jul 2010 20:44:35 +0000 (29 13:44 -0700)
committer Karolin Seeger <kseeger@samba.org>
Mon, 27 Sep 2010 19:29:00 +0000 (27 21:29 +0200)
tree bd6bdd8c0a9e9827a70f3fef0818a1d58621ddf3
parent deb10a581c78bd1ad44059766478ffa920a853c6
Fix bug #7589 - ntlm_auth fails to use cached credentials.

In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
that can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.
(cherry picked from commit c3f2015075ff1e523536cdd242ba0ec5b26f081c)
source3/winbindd/winbindd_pam.c
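
The key mismatch the commit message describes, as an added C sketch that is not Samba code and not part of this commit. The one-slot cache, `canonicalize()` and `cached_lookup_succeeds()` are hypothetical stand-ins, and the fixed `DOMAIN` prefix with a backslash separator is an assumed, simplified model of what canonicalization does when "winbind default domain" is set.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Toy credential cache with one slot, indexed by user name. */
static char cache_key[NAME_LEN];

/* Simplified model of canonicalization with a default domain set: a bare
 * "user" gets the "DOMAIN" prefix and a backslash separator, a name that is
 * already qualified passes through unchanged. */
static void canonicalize(const char *in, char *out, size_t outlen)
{
    if (strchr(in, '\\') != NULL)
        snprintf(out, outlen, "%s", in);
    else
        snprintf(out, outlen, "DOMAIN\\%s", in);
}

/* fix_applied = 0: only a copy is canonicalized, the raw name is what the
 * backend receives and caches under. fix_applied = 1: the name sent to the
 * backend is canonicalized too. Returns 1 if a later lookup, which always
 * uses the canonical key, finds the cached entry. */
int cached_lookup_succeeds(const char *user, int fix_applied)
{
    char copy[NAME_LEN], lookup_key[NAME_LEN];

    canonicalize(user, copy, sizeof(copy));
    /* Backend stores credentials under the name it was sent. */
    snprintf(cache_key, sizeof(cache_key), "%s", fix_applied ? copy : user);

    /* Lookup side builds its key through canonicalization. */
    canonicalize(user, lookup_key, sizeof(lookup_key));
    return strcmp(cache_key, lookup_key) == 0;
}

int main(void)
{
    printf("before fix, bare name:      hit=%d\n", cached_lookup_succeeds("user", 0));
    printf("after fix,  bare name:      hit=%d\n", cached_lookup_succeeds("user", 1));
    printf("before fix, qualified name: hit=%d\n",
           cached_lookup_succeeds("DOMAIN\\user", 0));
    return 0;
}
```

Only the bare-name case misses before the fix, which matches the commit message's point that the problem appears when a default domain lets clients omit the domain part.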