sshd/winbind wrong GID redux

David Newall openssh at davidnewall.com
Wed May 27 16:57:06 AEST 2020


On 27/5/20 12:41 am, Hans Petter Jansson wrote:
> Hi, I'm in the position of having to support a fix for a bad
> interaction between sshd and winbind/Active Directory. It's solved by a
> small patch against openssh, but it would be nice to have the solution
> generally available.
>
> The problem has previously been described on this list by Andreas
> Schneider, see:
>
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html

I have two comments:

First, in the patch, I think it's insufficient to free(s->pw) as s->pw 
probably has copies of strings.  See end of pwcopy() in misc.c.

Second, might userauth_finish() in auth2.c be a better place to reload 
the struct passwd?

It does seem like something which deserves to be fixed.  Don't let it drop.



More information about the openssh-unix-dev mailing list