mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
0a546be052
Before the CVE-2020-25717 fixes we had a fallback from
getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and
unpredictable.
Now we do the fallback based on sid_to_uid() followed by
getpwuid() on the returned uid.
This obsoletes 'username map [script]' based workaround adviced
for CVE-2020-25717, when nss_winbindd is not used or
idmap_nss is actually used.
In future we may decide to prefer or only do the SID/UID based
lookup, but for now we want to keep this unchanged as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[metze@samba.org moved the new logic into the fallback codepath only
in order to avoid behavior changes as much as possible]
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184
|
||
|---|---|---|
| .. | ||
| auth_builtin.c | ||
| auth_generic.c | ||
| auth_ntlmssp.c | ||
| auth_sam.c | ||
| auth_samba4.c | ||
| auth_unix.c | ||
| auth_util.c | ||
| auth_winbind.c | ||
| auth.c | ||
| check_samsec.c | ||
| pampass.c | ||
| pass_check.c | ||
| proto.h | ||
| server_info_sam.c | ||
| server_info.c | ||
| token_util.c | ||
| user_info.c | ||
| user_krb5.c | ||
| user_util.c | ||
| wscript_build | ||