parent
b15ae90556
commit
2d1d6fb9c9
|
@ -71,3 +71,4 @@ samba-3.6.0pre1.tar.gz
|
|||
/samba-4.4.7.tar.xz
|
||||
/samba-4.4.8.tar.xz
|
||||
/samba-4.4.9.tar.xz
|
||||
/samba-4.4.10.tar.xz
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
From 9845aff09ac6b136ee363f7fb869bfd3a8f9b8c1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Fri, 10 Jun 2016 16:51:18 +0200
|
||||
Subject: [PATCH] s3-winbind: Fix schannel connections against trusted domain
|
||||
DCs
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
|
||||
|
||||
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
||||
Signed-off-by: Guenther Deschner <gd@samba.org>
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||
(cherry picked from commit d2379caa77fe02264323d69fee1bcad33f1bfeee)
|
||||
---
|
||||
source3/winbindd/winbindd_cm.c | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
|
||||
index 45e3fad..f1f98db 100644
|
||||
--- a/source3/winbindd/winbindd_cm.c
|
||||
+++ b/source3/winbindd/winbindd_cm.c
|
||||
@@ -903,6 +903,7 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
|
||||
struct cli_credentials *creds;
|
||||
NTSTATUS status;
|
||||
bool force_machine_account = false;
|
||||
+ bool ok;
|
||||
|
||||
/* If we are a DC and this is not our own domain */
|
||||
|
||||
@@ -947,7 +948,13 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
|
||||
CRED_DONT_USE_KERBEROS);
|
||||
}
|
||||
|
||||
- if (creds_domain != domain) {
|
||||
+ /*
|
||||
+ * When we contact our own domain and get a list of the trusted domain
|
||||
+ * we have the information if we are able to contact the DC with
|
||||
+ * with our machine account password.
|
||||
+ */
|
||||
+ ok = winbindd_can_contact_domain(domain);
|
||||
+ if (!ok) {
|
||||
/*
|
||||
* We can only use schannel against a direct trust
|
||||
*/
|
||||
@@ -3284,6 +3291,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
|
||||
|
||||
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
|
||||
if (sec_chan_type == SEC_CHAN_NULL) {
|
||||
+ DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n",
|
||||
+ domain->name);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
|
||||
@@ -3323,6 +3332,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
|
||||
conn->netlogon_flags = netlogon_creds->negotiate_flags;
|
||||
TALLOC_FREE(netlogon_creds);
|
||||
|
||||
+ /*
|
||||
+ * FIXME: Document in which case we are not able to contact
|
||||
+ * a DC without schannel. Which information do we try to get
|
||||
+ * from this DC?
|
||||
+ */
|
||||
if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
|
||||
if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
|
||||
result = NT_STATUS_DOWNGRADE_DETECTED;
|
||||
--
|
||||
2.8.4
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
%define main_release 0
|
||||
|
||||
%define samba_version 4.4.9
|
||||
%define samba_version 4.4.10
|
||||
%define talloc_version 2.1.6
|
||||
%define tdb_version 1.3.8
|
||||
%define tevent_version 0.9.28
|
||||
|
@ -107,8 +107,6 @@ Source6: samba.pamd
|
|||
Source200: README.dc
|
||||
Source201: README.downgrade
|
||||
|
||||
Patch0: samba-4.4.5-fix_resolving_trusted_domain_users.patch
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
|
@ -690,8 +688,6 @@ and use CTDB instead.
|
|||
%prep
|
||||
%setup -q -n samba-%{version}%{pre_release}
|
||||
|
||||
%patch0 -p 1 -b .samba-4.4.5-fix_resolving_trusted_domain_users.patch
|
||||
|
||||
%build
|
||||
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
||||
%global _tevent_lib ,tevent,pytevent
|
||||
|
@ -1996,6 +1992,9 @@ rm -rf %{buildroot}
|
|||
%endif # with_clustering_support
|
||||
|
||||
%changelog
|
||||
* Wed Mar 01 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.10-0
|
||||
- Update to Samba 4.4.10
|
||||
|
||||
* Wed Jan 04 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.9-0
|
||||
- Update to Samba 4.4.9
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (samba-4.4.9.tar.xz) = f88eef036bcf744df2d3780e1ac50ac07e6290fa18b6947e92d130581b3b580a9c1cf4258a309c1dd98702e61e50ffbb48a4fd188e14a5ebe6bb7a8b2279df79
|
||||
SHA512 (samba-4.4.10.tar.xz) = d4a07b009dd44ad84d74f6568a7006f0d658cadc0a75763396be7530d64539283b927ecfb60ba218e34b3826c54bd641de8679a94c497b3f575de57c054f70b3
|
||||
|
|
Loading…
Reference in New Issue