diff options
author | Ralph Boehme <slow@samba.org> | 2021-01-11 16:50:31 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2021-01-28 09:17:15 +0000 |
commit | 56d9705ca7618856e735447c4a54b256fdbbf5b5 (patch) | |
tree | ddab59ad32e647d6b79ee5afcc22b26a75759288 | |
parent | f3c47cdc1d3fe5a03879bec7f2892a393e3b0211 (diff) | |
download | samba-56d9705ca7618856e735447c4a54b256fdbbf5b5.tar.gz |
winbind: check for allowed domains in winbindd_dual_pam_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4cefdf03fec91cdcf700922b1a5ceca02407e259)
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index a3d8716f781..79dc736ca0b 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2404,6 +2404,15 @@ process_result: goto done; } + if (!is_allowed_domain(info3->base.logon_domain.string)) { + DBG_NOTICE("Authentication failed for user [%s] " + "from firewalled domain [%s]\n", + info3->base.account_name.string, + info3->base.logon_domain.string); + result = NT_STATUS_AUTHENTICATION_FIREWALL_FAILED; + goto done; + } + result = append_auth_data(state->mem_ctx, state->response, state->request->flags, validation_level, |