[PATCH] fixes account locked when using winbind refresh tickets
Ralph Böhme
slow at samba.org
Fri Jan 12 09:58:25 UTC 2018
Hi David,
On Thu, Jan 11, 2018 at 04:45:06PM -0700, David Mulder via samba-technical wrote:
> Fixes bug 13212.
>
> Lockouts were caused by winbind cached passwords being used to re-kinit
> users after a period of being offline (and tickets expiring), except
> that the password had been changed and caused badPwdCount to increase.
> This happening on multiple machines at once locked out the user accounts.
oh, good catch! Thanks.
There are some README.Coding issues around "Make use of helper variables". Can
you fix those please?
Does this hunk even compile:
+ if ((at_ptr = strchr(entry->principal_name, '@')) != NULL) {
+ int strlen = at_ptr-entry->principal_name;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ sam = talloc_zero_size(ctx, strlen+1);
+ strncpy(sam, entry->principal_name, strlen);
+ } else {
+ DEBUG(5,("Could not determine samAccountName from %s\n",
+ entry->principal_name));
+ goto fail;
+ }
Also, why not use talloc_strndup()?
And would it be possible to reuse ads_idmap_cached_connection() instead of
rolling your own?
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
More information about the samba-technical
mailing list