On 27/5/20 12:41 am, Hans Petter Jansson wrote:
Hi, I'm in the position of having to support a fix for a bad
interaction between sshd and winbind/Active Directory. It's solved by a
small patch against openssh, but it would be nice to have the solution
generally available.
The problem has previously been described on this list by Andreas
Schneider, see:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html
I have two comments:
First, in the patch, I think it's insufficient to free(s->pw) as s->pw
probably has copies of strings. See end of pwcopy() in misc.c.
Second, might userauth_finish() in auth2.c be a better place to reload
the struct passwd?
It does seem like something which deserves to be fixed. Don't let it drop.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
