svn commit: samba r22901 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_25/source/nsswitch SAMBA_3_0_26/source/nsswitch
gd at samba.org
gd at samba.org
Tue May 15 13:42:54 GMT 2007
Author: gd
Date: 2007-05-15 13:42:53 +0000 (Tue, 15 May 2007)
New Revision: 22901
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22901
Log:
When an AD account has UF_DONT_REQUIRE_PREAUTH set we need to fallback to ntlm
in the kerberized PAM_AUTH.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c
branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-15 12:18:17 UTC (rev 22900)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-15 13:42:53 UTC (rev 22901)
@@ -566,6 +566,14 @@
http_timestring(ticket_lifetime), (int)ticket_lifetime,
http_timestring(renewal_until), (int)renewal_until));
+ /* we cannot continue with krb5 when UF_DONT_REQUIRE_PREAUTH is set,
+ * in that case fallback to NTLM - gd */
+
+ if ((ticket_lifetime == 0) && (renewal_until == 0)) {
+ result = NT_STATUS_INVALID_LOGON_TYPE;
+ goto failed;
+ }
+
client_princ = talloc_strdup(state->mem_ctx, global_myname());
if (client_princ == NULL) {
result = NT_STATUS_NO_MEMORY;
Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c 2007-05-15 12:18:17 UTC (rev 22900)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c 2007-05-15 13:42:53 UTC (rev 22901)
@@ -579,6 +579,14 @@
http_timestring(ticket_lifetime), (int)ticket_lifetime,
http_timestring(renewal_until), (int)renewal_until));
+ /* we cannot continue with krb5 when UF_DONT_REQUIRE_PREAUTH is set,
+ * in that case fallback to NTLM - gd */
+
+ if ((ticket_lifetime == 0) && (renewal_until == 0)) {
+ result = NT_STATUS_INVALID_LOGON_TYPE;
+ goto failed;
+ }
+
client_princ = talloc_strdup(state->mem_ctx, global_myname());
if (client_princ == NULL) {
result = NT_STATUS_NO_MEMORY;
Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c 2007-05-15 12:18:17 UTC (rev 22900)
+++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c 2007-05-15 13:42:53 UTC (rev 22901)
@@ -594,6 +594,14 @@
http_timestring(ticket_lifetime), (int)ticket_lifetime,
http_timestring(renewal_until), (int)renewal_until));
+ /* we cannot continue with krb5 when UF_DONT_REQUIRE_PREAUTH is set,
+ * in that case fallback to NTLM - gd */
+
+ if ((ticket_lifetime == 0) && (renewal_until == 0)) {
+ result = NT_STATUS_INVALID_LOGON_TYPE;
+ goto failed;
+ }
+
client_princ = talloc_strdup(state->mem_ctx, global_myname());
if (client_princ == NULL) {
result = NT_STATUS_NO_MEMORY;
More information about the samba-cvs
mailing list