Logical hole in pam_sm_chauthtok() and winbindd_dual_pam_chauthtok()?
Bo Yang
boyang at novell.com
Fri Jun 6 04:54:35 GMT 2008
Hi, All:
There is a logical hole in pam_sm_chauthtok() and winbindd_dual_pam_chauthtok().
In pam_sm_chauthtok(), WINBIND_CACHED_LOGIN is cleared, which causes WBFLAG_PAM_CACHED_LOGIN
to be cleared. But in winbindd_dual_pam_chauthtok(),

    if (NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN)) {
        /* Update cached credentials. */
    }

But WBFLAG_PAM_CACHED_LOGIN is cleared; therefore, the cached credentials are never updated when the
password is changed.
Patches for v3-0-test, v3-2-test, v3-3-test in attachment.
Please review it.
Thanks!
Best Regards
BoYang
6.6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: set_cached_login_flag_in_chauthtok-v3-0-test.diff
Type: application/octet-stream
Size: 620 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080605/90aa1317/set_cached_login_flag_in_chauthtok-v3-0-test.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: set_cached_login_flag_in_chauthtok-v3-2-test.diff
Type: application/octet-stream
Size: 611 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080605/90aa1317/set_cached_login_flag_in_chauthtok-v3-2-test.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: set_cached_login_flag_in_chauthtok-v3-3-test.diff
Type: application/octet-stream
Size: 611 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080605/90aa1317/set_cached_login_flag_in_chauthtok-v3-3-test.obj
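
The flag flow described in the message above, as an added example that is not part of the original post and is not Samba's code: a simplified C model in which the password change succeeds but the cache refresh is skipped because the request flag is missing. The `model_*` functions, the bit values, and the plaintext strings standing in for the cached credential are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bit values for this model; not Samba's real definitions. */
#define WINBIND_CACHED_LOGIN    0x1u  /* PAM-module control bit */
#define WBFLAG_PAM_CACHED_LOGIN 0x1u  /* winbindd request flag */

struct model_state {
    char dc_password[32];     /* password held by the domain controller */
    char cached_password[32]; /* stand-in for the cached credential */
};

/* Daemon side (hypothetical model): the change itself succeeds, but the cache
 * is refreshed only when the request carries WBFLAG_PAM_CACHED_LOGIN, which is
 * the condition quoted in the post. */
static void model_dual_chauthtok(struct model_state *s, unsigned req_flags,
                                 const char *new_pw)
{
    snprintf(s->dc_password, sizeof s->dc_password, "%s", new_pw);
    if (req_flags & WBFLAG_PAM_CACHED_LOGIN)
        snprintf(s->cached_password, sizeof s->cached_password, "%s", new_pw);
}

/* PAM side (hypothetical model): clear_bit=1 reproduces the reported
 * behaviour, clear_bit=0 leaves the control bit as the caller set it. */
static void model_pam_chauthtok(struct model_state *s, unsigned ctrl,
                                int clear_bit, const char *new_pw)
{
    unsigned req_flags = 0;
    if (clear_bit)
        ctrl &= ~WINBIND_CACHED_LOGIN;
    if (ctrl & WINBIND_CACHED_LOGIN)
        req_flags |= WBFLAG_PAM_CACHED_LOGIN;
    model_dual_chauthtok(s, req_flags, new_pw);
}

/* Returns 1 if the cache no longer matches the DC after a password change. */
int cache_is_stale_after_change(int clear_bit)
{
    struct model_state s = { "old-pass", "old-pass" }; /* constructed sample */
    model_pam_chauthtok(&s, WINBIND_CACHED_LOGIN, clear_bit, "new-pass");
    return strcmp(s.cached_password, s.dc_password) != 0;
}

int main(void)
{
    printf("bit cleared: stale=%d\n", cache_is_stale_after_change(1));
    printf("bit kept:    stale=%d\n", cache_is_stale_after_change(0));
    return 0;
}
```

In the model, a stale cache means a later cached (offline) logon would be checked against the old password rather than the new one.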