diff options
author | Ralph Boehme <slow@samba.org> | 2021-01-11 17:19:05 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2021-01-28 09:17:15 +0000 |
commit | cf410814e252886b8bce28289654a237616d8a52 (patch) | |
tree | 0ef1b58167fdd2f9f80a197fd3f356cdcf5a6a08 | |
parent | 2a73dfcf27a7407f932112fd978fc84d47d29682 (diff) | |
download | samba-cf410814e252886b8bce28289654a237616d8a52.tar.gz |
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4bc17600bc50fbc0e54d9d019d8db67001fc3eef)
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 78565d2854f..477d52da3ed 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -3105,6 +3105,15 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai fstrcpy(domain,lp_workgroup()); } + if (!is_allowed_domain(domain)) { + DBG_NOTICE("Authentication failed for user [%s] " + "from firewalled domain [%s]\n", + state->request->data.chng_pswd_auth_crap.user, + domain); + result = NT_STATUS_AUTHENTICATION_FIREWALL_FAILED; + goto done; + } + if(!*user) { fstrcpy(user, state->request->data.chng_pswd_auth_crap.user); } |