svn commit: samba r15240 - branches/SAMBA_3_0/source
branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads
branches/SAMBA_3_0/source/libsmb
branches/SAMBA_3_0/source/nsswitch trunk/source
trunk/source/include trunk/source/libads trunk/source/libsmb
trunk/source/nsswitch
gd at samba.org
gd at samba.org
Tue Apr 25 12:24:28 GMT 2006
Author: gd
Date: 2006-04-25 12:24:25 +0000 (Tue, 25 Apr 2006)
New Revision: 15240
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15240
Log:
Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
Modified:
branches/SAMBA_3_0/source/Makefile.in
branches/SAMBA_3_0/source/configure.in
branches/SAMBA_3_0/source/include/ads.h
branches/SAMBA_3_0/source/include/includes.h
branches/SAMBA_3_0/source/libads/kerberos.c
branches/SAMBA_3_0/source/libsmb/clikrb5.c
branches/SAMBA_3_0/source/libsmb/nmblib.c
branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
trunk/source/Makefile.in
trunk/source/configure.in
trunk/source/include/ads.h
trunk/source/include/includes.h
trunk/source/libads/kerberos.c
trunk/source/libsmb/clikrb5.c
trunk/source/libsmb/nmblib.c
trunk/source/nsswitch/winbindd_cred_cache.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Sorry, the patch is too large (667 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15240
More information about the samba-cvs
mailing list