[SCM] Samba Shared Repository - branch master updated
jra at samba.org
Thu Jul 29 14:59:05 MDT 2010
On Thu, Jul 29, 2010 at 10:14:06PM +0200, Volker Lendecke wrote:
> On Thu, Jul 29, 2010 at 02:53:34PM -0500, Jeremy Allison wrote:
> > Fix bug #7589 - ntlm_auth fails to use cached credentials.
> > In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
> > of the mapped username, but fails to canonicalize the actual username
> > sent to the backend domain process. When "winbind default domain"
> > is set this can lead to credentials being cached with an index of
> > user: user, not DOMAIN\user. All other code paths that use
> > canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
> > correctly canonicalize the data sent to the backend. All calls
> > the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
> > correctly call canonicalize_username() to create the credential
> > lookup key.
> That was mine, right? Thanks for fixing! :-)
I think so (maybe :-). I'd appreciate you checking it as well
(even though I'm 100% certain on this one, I could still be
It still needs some tidyup. The call to normalize_name_unmap()
makes *no* sense as it's called with what is passed in from
the client, which could be DOMAIN\user. This call should only
ever act on the last component, not the domain portion (I think,
the semantics of normalize_name_unmap() seem idiotic and
insane to me :-). I can't imagine anyone actually has :
winbind normalize names = yes
set in their smb.conf.
More information about the samba-technical