Fix IPA DC schannel support
Guenther
This commit is contained in:
Günther Deschner
parent
598cab6469
commit
d2806fa77c
45
samba-4.13-ipa-dc-schannel.patch
Normal file
45
samba-4.13-ipa-dc-schannel.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <ab@samba.org>
|
||||
Date: Fri, 12 Nov 2021 19:06:01 +0200
|
||||
Subject: [PATCH] IPA DC: add missing checks
|
||||
|
||||
When introducing FreeIPA support, two places were forgotten:
|
||||
|
||||
- schannel gensec module needs to be aware of IPA DC
|
||||
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
|
||||
|
||||
Signed-off-by: Alexander Bokovoy <ab@samba.org>
|
||||
---
|
||||
auth/gensec/schannel.c | 1 +
|
||||
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
|
||||
index 0cdae141ead..6ebbe8f3179 100644
|
||||
--- a/auth/gensec/schannel.c
|
||||
+++ b/auth/gensec/schannel.c
|
||||
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
|
||||
case ROLE_DOMAIN_BDC:
|
||||
case ROLE_DOMAIN_PDC:
|
||||
case ROLE_ACTIVE_DIRECTORY_DC:
|
||||
+ case ROLE_IPA_DC:
|
||||
return NT_STATUS_OK;
|
||||
default:
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
|
||||
index 8d71b5252ab..ea92a22cbc9 100644
|
||||
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
|
||||
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
|
||||
@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
|
||||
switch (lp_server_role()) {
|
||||
case ROLE_DOMAIN_PDC:
|
||||
case ROLE_DOMAIN_BDC:
|
||||
+ case ROLE_IPA_DC:
|
||||
name = get_global_sam_name();
|
||||
sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
|
||||
if (!sid) {
|
||||
--
|
||||
2.33.1
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||
|
||||
%define main_release 1
|
||||
%define main_release 2
|
||||
|
||||
%define samba_version 4.13.14
|
||||
%define talloc_version 2.3.1
|
||||
@ -137,6 +137,7 @@ Patch1: samba-s4u.patch
|
||||
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.13-redhat.patch
|
||||
Patch2: samba-4.13-redhat.patch
|
||||
Patch3: samba-4.13-fix-winbind-no-trusted-domain.patch
|
||||
Patch4: samba-4.13-ipa-dc-schannel.patch
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
Requires(post): systemd
|
||||
@ -3675,6 +3676,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Nov 13 2021 Guenther Deschner <gdeschner@redhat.com> - 4.13.14-2
|
||||
- Fix IPA DC schannel support
|
||||
|
||||
* Thu Nov 11 2021 Guenther Deschner <gdeschner@redhat.com> - 4.13.14-1
|
||||
- Fix winbind trusted domain regression
|
||||
- related: #2021716
|
||||
|
||||
Loading…
Reference in New Issue
Block a user