Tree - rpms/samba - CentOS Git server

rpms / samba

Blame SOURCES/samba-4.4.5-fix_resolving_trusted_domain_users.patch

Blob History Raw

		6539dc	`From 9845aff09ac6b136ee363f7fb869bfd3a8f9b8c1 Mon Sep 17 00:00:00 2001`
		6539dc	`From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>`
		6539dc	`Date: Fri, 10 Jun 2016 16:51:18 +0200`
		6539dc	`Subject: [PATCH] s3-winbind: Fix schannel connections against trusted domain`
		6539dc	`DCs`
		6539dc
		6539dc	`BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830`
		6539dc
		6539dc	`Pair-Programmed-With: Andreas Schneider <asn@samba.org>`
		6539dc	`Signed-off-by: Guenther Deschner <gd@samba.org>`
		6539dc	`Signed-off-by: Andreas Schneider <asn@samba.org>`
		6539dc	`Reviewed-by: Alexander Bokovoy <ab@samba.org>`
		6539dc	`(cherry picked from commit d2379caa77fe02264323d69fee1bcad33f1bfeee)`
		6539dc	`---`
		6539dc	`source3/winbindd/winbindd_cm.c \| 16 +++++++++++++++-`
		6539dc	`1 file changed, 15 insertions(+), 1 deletion(-)`
		6539dc
		6539dc	`diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c`
		6539dc	`index 45e3fad..f1f98db 100644`
		6539dc	`--- a/source3/winbindd/winbindd_cm.c`
		6539dc	`+++ b/source3/winbindd/winbindd_cm.c`
		6539dc	`@@ -903,6 +903,7 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,`
		6539dc	`struct cli_credentials *creds;`
		6539dc	`NTSTATUS status;`
		6539dc	`bool force_machine_account = false;`
		6539dc	`+ bool ok;`
		6539dc
		6539dc	`/* If we are a DC and this is not our own domain */`
		6539dc
		6539dc	`@@ -947,7 +948,13 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,`
		6539dc	`CRED_DONT_USE_KERBEROS);`
		6539dc	`}`
		6539dc
		6539dc	`- if (creds_domain != domain) {`
		6539dc	`+ /*`
		6539dc	`+ * When we contact our own domain and get a list of the trusted domain`
		6539dc	`+ * we have the information if we are able to contact the DC with`
		6539dc	`+ * with our machine account password.`
		6539dc	`+ */`
		6539dc	`+ ok = winbindd_can_contact_domain(domain);`
		6539dc	`+ if (!ok) {`
		6539dc	`/*`
		6539dc	`* We can only use schannel against a direct trust`
		6539dc	`*/`
		6539dc	`@@ -3284,6 +3291,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,`
		6539dc
		6539dc	`sec_chan_type = cli_credentials_get_secure_channel_type(creds);`
		6539dc	`if (sec_chan_type == SEC_CHAN_NULL) {`
		6539dc	`+ DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n",`
		6539dc	`+ domain->name);`
		6539dc	`return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;`
		6539dc	`}`
		6539dc
		6539dc	`@@ -3323,6 +3332,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,`
		6539dc	`conn->netlogon_flags = netlogon_creds->negotiate_flags;`
		6539dc	`TALLOC_FREE(netlogon_creds);`
		6539dc
		6539dc	`+ /*`
		6539dc	`+ * FIXME: Document in which case we are not able to contact`
		6539dc	`+ * a DC without schannel. Which information do we try to get`
		6539dc	`+ * from this DC?`
		6539dc	`+ */`
		6539dc	`if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {`
		6539dc	`if (lp_winbind_sealed_pipes() \|\| lp_require_strong_key()) {`
		6539dc	`result = NT_STATUS_DOWNGRADE_DETECTED;`
		6539dc	`--`
		6539dc	`2.8.4`
		6539dc

rpms / samba

Source Code

Blame SOURCES/samba-4.4.5-fix_resolving_trusted_domain_users.patch