svn commit: samba r15240 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/nsswitch trunk/source trunk/source/include trunk/source/libads trunk/source/libsmb trunk/source/nsswitch

gd at samba.org gd at samba.org
Tue Apr 25 12:24:28 GMT 2006


Author: gd
Date: 2006-04-25 12:24:25 +0000 (Tue, 25 Apr 2006)
New Revision: 15240

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15240

Log:
Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.

The krb5 AS-REQ needs to add the host netbios-name in the address-list.

We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.

Guenther

Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/configure.in
   branches/SAMBA_3_0/source/include/ads.h
   branches/SAMBA_3_0/source/include/includes.h
   branches/SAMBA_3_0/source/libads/kerberos.c
   branches/SAMBA_3_0/source/libsmb/clikrb5.c
   branches/SAMBA_3_0/source/libsmb/nmblib.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   trunk/source/Makefile.in
   trunk/source/configure.in
   trunk/source/include/ads.h
   trunk/source/include/includes.h
   trunk/source/libads/kerberos.c
   trunk/source/libsmb/clikrb5.c
   trunk/source/libsmb/nmblib.c
   trunk/source/nsswitch/winbindd_cred_cache.c
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Sorry, the patch is too large (667 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15240


More information about the samba-cvs mailing list