s4-winbind: Correctly reject the unsupported WBFLAG_PAM_AUTH_PAC flag
authorAndrew Bartlett <abartlet@samba.org>
Thu, 23 Oct 2014 21:32:20 +0000 (10:32 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 5 May 2015 23:22:14 +0000 (01:22 +0200)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/winbind/wb_samba3_cmd.c

index 9ec3c4b0ccdd6c058a545316b1fd7431d2309458..4c4033df574ae72178629292a447b276967e0c6d 100644 (file)
@@ -640,6 +640,10 @@ NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
        DATA_BLOB chal, nt_resp, lm_resp;
 
        DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
+       if (s3call->request->flags & WBFLAG_PAM_AUTH_PAC) {
+               DEBUG(3, ("PAC validation not supported in this winbind implementation\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        chal.data       = s3call->request->data.auth_crap.chal;
        chal.length     = sizeof(s3call->request->data.auth_crap.chal);
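Review bot: The new guard at the top of wbsrv_samba3_pam_auth_crap has no comment explaining why the flag is refused rather than ignored, which is the security-relevant part of the change. Without the early return the function continues into the challenge/response setup visible just below, for a request that asked for a different kind of validation. I would add something like `/* PAC validation is not implemented here; fail closed instead of falling through to challenge/response handling. */` above the `if`. The log text says "not supported" while the status returned is `NT_STATUS_INVALID_PARAMETER`; if winbind clients do not depend on that exact code, `return NT_STATUS_NOT_SUPPORTED;` would let callers and log reviewers tell an unimplemented feature apart from a malformed request. The function body continues outside the hunk, so I cannot tell from here whether other handlers that read `s3call->request->flags` need the same check.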