The Samba-Bugzilla – Attachment 13002 Details for Bug 12605: Winbindd endless looping in forest trust scan
[patch] Possible patch for master
tmp.diff.txt (text/plain), 2.96 KB, created by Stefan Metzmacher on 2017-03-02 11:16:51 UTC
>From 2c956efc8077c549d3653d9ba99e2833d074ff28 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 2 Mar 2017 08:13:57 +0100 >Subject: [PATCH] s3:winbindd: fix endless forest trust scan > >Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively >disabled the enumeration of trusts in other forests. > >The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691 >changed the way we fill domain->domain_flags for domains >in other forests. > >Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the >ability to enumerate trusts of other forests again, in order to >fix https://bugzilla.samba.org/show_bug.cgi?id=11830 > >Now we have the problem that multiple domains >(even outside of our forest) are considert to be >our forest root, as they have the following flags: >NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/winbindd/winbindd_ads.c | 8 ++++++++ > source3/winbindd/winbindd_util.c | 22 ++++++++++++++++++++++ > 2 files changed, 30 insertions(+) > >diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c >index 05ef2ec..cde9099 100644 >--- a/source3/winbindd/winbindd_ads.c >+++ b/source3/winbindd/winbindd_ads.c >@@ -1133,6 +1133,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, > } > TALLOC_FREE(parent); > >+ /* >+ * We need to pass the modified properties >+ * to the caller. >+ */ >+ trust->trust_flags = d.domain_flags; >+ trust->trust_type = d.domain_type; >+ trust->trust_attributes = d.domain_trust_attribs; >+ > wcache_tdc_add_domain( &d ); > ret_count++; > } >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index ffcb09d..ab6862d 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c 
>@@ -342,6 +342,20 @@ static void trustdom_list_done(struct tevent_req *req) > char *p; > struct winbindd_tdc_domain trust_params = {0}; > ptrdiff_t extra_len; >+ bool within_forest = false; >+ >+ /* >+ * Only when we enumerate our primary domain >+ * or our forest root domain, we should keep >+ * the NETR_TRUST_FLAG_IN_FOREST flag, in >+ * all other cases we need to clear it as the domain >+ * is not part of our forest. >+ */ >+ if (state->domain->primary) { >+ within_forest = true; >+ } else if (domain_is_forest_root(state->domain)) { >+ within_forest = true; >+ } > > res = wb_domain_request_recv(req, state, &response, &err); > if ((res == -1) || (response->result != WINBINDD_OK)) { >@@ -427,6 +441,14 @@ static void trustdom_list_done(struct tevent_req *req) > > trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10); > >+ if (!within_forest) { >+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST; >+ } >+ >+ if (!state->domain->primary) { >+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY; >+ } >+ > /* > * We always call add_trusted_domain() cause on an existing > * domain structure, it will update the SID if necessary. >-- >1.9.1 >
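Review bot: In the winbindd_ads.c hunk (trusted_domains(), @@ -1133), the new comment says the modified properties must be passed to the caller but does not say what was modified or which caller relies on it. The three assignments overwrite trust->trust_flags, trust->trust_type and trust->trust_attributes with the values from d right before wcache_tdc_add_domain(&d), so I would extend the comment to name the consumer of the returned trust entries and to state that the returned entry and the cached entry are meant to carry the same flags.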
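Review bot: In the first winbindd_util.c hunk (trustdom_list_done(), @@ -342), within_forest depends on domain_is_forest_root(state->domain), whose body is not part of this patch. The commit message says domains outside our forest can currently carry both NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST, so if that helper tests those flags, the check is only correct once NETR_TRUST_FLAG_IN_FOREST has been cleared for such a domain before its own trust list is processed. Please confirm that ordering and say so in the comment. As a style point, the two branches set the same value and could be a single assignment: within_forest = state->domain->primary || domain_is_forest_root(state->domain);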
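Review bot: In the second winbindd_util.c hunk (trustdom_list_done(), @@ -427), the block that clears NETR_TRUST_FLAG_PRIMARY when !state->domain->primary has no comment, and the commit message only discusses NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST. Please add a short comment, or a line in the commit message, explaining why a trust reported by a non-primary domain must not keep the PRIMARY flag, in the same way the earlier hunk explains within_forest.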
Attachments on bug 12605: 13002 | 13005 | 13006 | 13007