From df640e12eeca088bafd68d1cd7d3643b2a144ce8 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Mon, 27 Mar 2017 15:11:08 -0700 Subject: [PATCH] winbindd: Fix password policy for pam authentication Authenticating users from trusted domains would return the password policy of the joined domain. Fix the code so that the password policy of the joined domain is only returned for users from that domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725 Signed-off-by: Christof Schmitt Reviewed-by: Andreas Schneider Autobuild-User(master): Christof Schmitt Autobuild-Date(master): Wed Mar 29 22:54:47 CEST 2017 on sn-devel-144 (cherry picked from commit bc39fb07ced84af4d97853d00d07fb4293352686) --- source3/winbindd/winbindd_pam.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 8456876..ff2e2cb 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1907,7 +1907,7 @@ process_result: -- jerry */ result = NT_STATUS_NOT_SUPPORTED; - if (our_domain == domain ) { + if (strequal(name_domain, our_domain->name)) { result = fillup_password_policy( our_domain, state->response); } @@ -1915,8 +1915,9 @@ process_result: if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) { - DEBUG(10,("Failed to get password policies for domain %s: %s\n", - domain->name, nt_errstr(result))); + DBG_DEBUG("Failed to get password policies for " + "domain %s: %s\n", our_domain->name, + nt_errstr(result)); goto done; } } -- 1.8.3.1