author | Ralph Boehme <slow@samba.org> | 2021-01-11 17:59:48 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2021-01-27 16:00:06 +0000 |
commit | 9b717968bd75d04800cbd39d680962d6ddf9c01f (patch) | |
tree | 930127984b4a373610c9abb2874078cc59c7f216 | |
parent | 647d1ca5e79786053c250e1e2c84f0e36a8242a5 (diff) | |
download | samba-9b717968bd75d04800cbd39d680962d6ddf9c01f.tar.gz |
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 88e92faace7ec17810903166fa3433aa4842a4e3)
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 5dcfeb11b99..3375af66821 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2845,6 +2845,14 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact goto done; } + if (!is_allowed_domain(domain)) { + DBG_NOTICE("Authentication failed for user [%s] " + "from firewalled domain [%s]\n", + user, domain); + result = NT_STATUS_AUTHENTICATION_FIREWALL_FAILED; + goto done; + } + /* Change password */ oldpass = state->request->data.chauthtok.oldpass; |
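Review bot: The DBG_NOTICE text in the new `is_allowed_domain(domain)` block says "Authentication failed for user [%s] from firewalled domain [%s]", but this is winbindd_dual_pam_chauthtok(), the password-change path, so the message text on its own reads like a rejected logon. Wording it as a refused password change would make log searches and alerting on the two cases easier to separate. The placement of the check is good: it runs before oldpass is read from the request and before the "Change password" step, so a request for a domain that is not allowed is rejected with NT_STATUS_AUTHENTICATION_FIREWALL_FAILED before any credential handling. The commit touches only source3/winbindd/winbindd_pam.c; a test that attempts a password change for a user in a non-allowed domain and expects that status would keep this check from regressing.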