summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald W. Carter <jerry@samba.org>2008-03-27 11:56:29 -0500
committerGerald W. Carter <jerry@samba.org>2008-03-27 11:56:29 -0500
commit9c169e9e42b58e7b6c4b37f57d4649daea7593e5 (patch)
tree47ecd02a54efa938ac91b654a3370578c1306cc3
parent2198058624d456e7434f5fbbb998cd232ea3e9e6 (diff)
downloadsamba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.tar.gz
samba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.tar.bz2
samba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.zip
Don't fill password policy structure for any domain other than our own.
The samr connects will fail. This is not independent of the CONTACT_TRUSTDOM flag neede by krb5 logins. (This used to be commit 4de4949e3bfcfb2169c329f19cb76936d9043d50)
-rw-r--r--source3/winbindd/winbindd_pam.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 63127cbfcd..3b13a9269a 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1638,12 +1638,24 @@ process_result:
if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
- result = fillup_password_policy(domain, state);
-
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ /* This is not entiurely correct I believe, but it is
+ consistent. Only apply the password policy settings
+ too warn users for our own domain. Cannot obtain these
+ from trusted DCs all the time so don't do it at all.
+ -- jerry */
+
+ result = NT_STATUS_NOT_SUPPORTED;
+ if (our_domain == domain ) {
+a result = fillup_password_policy(our_domain, state);
+ }
+
if (!NT_STATUS_IS_OK(result)
&& !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
{
- DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+ DEBUG(10,("Failed to get password policies for domain %s: %s\n",
+ domain->name, nt_errstr(result)));
goto done;
}
}