diff options
author | Gerald W. Carter <jerry@samba.org> | 2008-03-27 11:56:29 -0500 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-03-27 11:56:29 -0500 |
commit | 9c169e9e42b58e7b6c4b37f57d4649daea7593e5 (patch) | |
tree | 47ecd02a54efa938ac91b654a3370578c1306cc3 /source3/winbindd | |
parent | 2198058624d456e7434f5fbbb998cd232ea3e9e6 (diff) | |
download | samba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.tar.gz samba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.tar.bz2 samba-9c169e9e42b58e7b6c4b37f57d4649daea7593e5.zip |
Don't fill password policy structure for any domain other than our own.
The samr connects will fail. This is not independent of the CONTACT_TRUSTDOM
flag neede by krb5 logins.
(This used to be commit 4de4949e3bfcfb2169c329f19cb76936d9043d50)
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 63127cbfcd..3b13a9269a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1638,12 +1638,24 @@ process_result: if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { - result = fillup_password_policy(domain, state); - + struct winbindd_domain *our_domain = find_our_domain(); + + /* This is not entiurely correct I believe, but it is + consistent. Only apply the password policy settings + too warn users for our own domain. Cannot obtain these + from trusted DCs all the time so don't do it at all. + -- jerry */ + + result = NT_STATUS_NOT_SUPPORTED; + if (our_domain == domain ) { +a result = fillup_password_policy(our_domain, state); + } + if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) { - DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); + DEBUG(10,("Failed to get password policies for domain %s: %s\n", + domain->name, nt_errstr(result))); goto done; } } |