Alexander Bokovoy
parent
7f71dc3fee
commit
a797802842
@ -0,0 +1,35 @@
|
||||
From 97d7bc19bb463cfbb9d45b69cec1e668eb15b4a1 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <ab@samba.org>
|
||||
Date: Thu, 7 May 2015 14:12:03 +0000
|
||||
Subject: [PATCH] auth/credentials: if credentials have principal set, they are
|
||||
not anonymous anymore
|
||||
|
||||
When dealing with Kerberos, we cannot consider credentials anonymous
|
||||
if credentials were obtained properly.
|
||||
|
||||
Signed-off: Alexander Bokovoy <ab@samba.org>
|
||||
---
|
||||
auth/credentials/credentials.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
|
||||
index 78b5955..b1ccc5a 100644
|
||||
--- a/auth/credentials/credentials.c
|
||||
+++ b/auth/credentials/credentials.c
|
||||
@@ -921,6 +921,13 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
|
||||
cred->machine_account_pending_lp_ctx);
|
||||
}
|
||||
|
||||
+ if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
|
||||
+ /* if principal is set, it's not anonymous */
|
||||
+ if (cred->principal && cred->principal_obtained >= cred->username_obtained) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
username = cli_credentials_get_username(cred);
|
||||
|
||||
/* Yes, it is deliberate that we die if we have a NULL pointer
|
||||
--
|
||||
2.4.0
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
# ctdb is enabled by default, you can disable it with: --without clustering
|
||||
%bcond_without clustering
|
||||
|
||||
%define main_release 7
|
||||
%define main_release 8
|
||||
|
||||
%define samba_version 4.2.1
|
||||
%define talloc_version 2.1.2
|
||||
@ -95,6 +95,7 @@ Source0: samba-%{version}%{pre_release}.tar.xz
|
||||
Patch0: samba-4.2.2-fix_debug_macro.patch
|
||||
Patch1: samba-4.2.2-lib-util-fix-detection-of-systemd-libraries.patch
|
||||
Patch2: samba-4.2-fix-rpc-helper.patch
|
||||
Patch3: samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
|
||||
|
||||
# Red Hat specific replacement-files
|
||||
Source1: samba.log
|
||||
@ -643,6 +644,7 @@ and use CTDB instead.
|
||||
%patch0 -p1 -b .samba-4.2.2-fix_debug_macro.patch
|
||||
%patch1 -p1 -b .samba-4.2.2-lib-util-fix-detection-of-systemd-libraries.patch
|
||||
%patch2 -p1 -b .samba-4.2-fix-rpc-helper.patch
|
||||
%patch3 -p1 -b .samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
|
||||
|
||||
%build
|
||||
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
||||
@ -1931,6 +1933,9 @@ rm -rf %{buildroot}
|
||||
%endif # with_clustering_support
|
||||
|
||||
%changelog
|
||||
* Mon May 11 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.1-8
|
||||
- Fixes: #1219832: Samba 4.2 broke FreeIPA trusts to AD
|
||||
|
||||
* Thu Apr 30 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.1-7
|
||||
- Fix LSASD daemon
|
||||
- resolves: #1217346 - FreeIPA trusts to AD broken due to Samba 4.2 failure to run LSARPC pipe externally
|
||||
|
||||
Loading…
Reference in New Issue
Block a user