[PATCH][BUG 12725] winbindd: Fix password policy for pam authentication

Tue Mar 28 21:09:51 UTC 2017

From d993da727d8af96ba4717fbd18d261ce69db21d7 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 27 Mar 2017 15:11:08 -0700
Subject: [PATCH] winbindd: Fix password policy for pam authentication

Authenticating users from trusted domains would return the password
policy of the joined domain. Fix the code so that the password policy of
the joined domain is only returned for users from that domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/winbindd_pam.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 782b28a..1f4444f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1907,7 +1907,7 @@ process_result:
 			   -- jerry */
 
 			result = NT_STATUS_NOT_SUPPORTED;
-			if (our_domain == domain ) {
+			if (strequal(name_domain, our_domain->name)) {
 				result = fillup_password_policy(
 					our_domain, state->response);
 			}
@@ -1915,8 +1915,9 @@ process_result:
 			if (!NT_STATUS_IS_OK(result)
 			    && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
 			{
-				DEBUG(10,("Failed to get password policies for domain %s: %s\n",
-					  domain->name, nt_errstr(result)));
+				DBG_DEBUG("Failed to get password policies for "
+					  "domain %s: %s\n", our_domain->name,
+					  nt_errstr(result));
 				goto done;
 			}
 		}
-- 
1.8.3.1

