|
 |
6729ff |
From f62683956a3b182f6a61cc7a2b4ada2e74cde243 Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Noel Power <noel.power@suse.com>
|
|
|
6729ff |
Date: Wed, 16 Oct 2013 16:30:55 +0100
|
|
|
6729ff |
Subject: [PATCH] fail authentication for single group name which cannot be
|
|
|
6729ff |
converted to sid
|
|
|
6729ff |
|
|
|
6729ff |
furthermore if more than one name is supplied and no sid is converted
|
|
|
6729ff |
then also fail.
|
|
|
6729ff |
|
|
|
6729ff |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
|
|
|
6729ff |
|
|
|
6729ff |
Signed-off-by: Noel Power <noel.power@suse.com>
|
|
|
6729ff |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
|
6729ff |
[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
|
|
|
6729ff |
---
|
|
|
6729ff |
nsswitch/pam_winbind.c | 6 ++++++
|
|
|
6729ff |
1 file changed, 6 insertions(+)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
|
|
|
6729ff |
index 9322971..cd5e7ba 100644
|
|
|
6729ff |
--- a/nsswitch/pam_winbind.c
|
|
|
6729ff |
+++ b/nsswitch/pam_winbind.c
|
|
|
6729ff |
@@ -1172,6 +1172,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
|
|
|
6729ff |
_make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
|
|
|
6729ff |
"to sid, please contact your administrator to see "
|
|
|
6729ff |
"if group %s is valid."), search_location, search_location);
|
|
|
6729ff |
+
|
|
|
6729ff |
+ /* If no valid groups were converted we should fail outright */
|
|
|
6729ff |
+ if (name_list != NULL && strlen(sid_list_buffer) == 0) {
|
|
|
6729ff |
+ result = false;
|
|
|
6729ff |
+ goto out;
|
|
|
6729ff |
+ }
|
|
|
6729ff |
/*
|
|
|
6729ff |
* The lookup of the last name failed..
|
|
|
6729ff |
* It results in require_member_of_sid ends with ','
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.1.4
|