Attachment 14756 Details for Bug 13722 – Patches for v4-8-test

[patch] Patches for v4-8-test

tmp48.diff.txt (text/plain), 5.44 KB, created by Stefan Metzmacher on 2018-12-21 12:46:02 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2018-12-21 12:46:02 UTC

Size: 5.44 KB

patch

obsolete

>From 9928c592d094ea7443b375a5dae252aee517b3b2 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Sat, 8 Dec 2018 22:48:33 +0100
>Subject: [PATCH 1/3] s3:auth_winbind: remove fallback to optional backend
>
>This is not possible anymore, as the trustdomain backend
>was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit f3bac8c91121871bf8ce852bc3e3ea2e834d3f27)
>---
> source3/auth/auth.c         |  2 +-
> source3/auth/auth_winbind.c | 16 ----------------
> 2 files changed, 1 insertion(+), 17 deletions(-)
>
>diff --git a/source3/auth/auth.c b/source3/auth/auth.c
>index 4df74f9f39fc..cdf4f1db4309 100644
>--- a/source3/auth/auth.c
>+++ b/source3/auth/auth.c
>@@ -545,7 +545,7 @@ NTSTATUS make_auth3_context_for_netlogon(TALLOC_CTX *mem_ctx,
> 	switch (lp_server_role()) {
> 	case ROLE_DOMAIN_BDC:
> 	case ROLE_DOMAIN_PDC:
>-		methods = "sam_netlogon3 winbind:trustdomain";
>+		methods = "sam_netlogon3 winbind";
> 		break;
> 
> 	default:
>diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
>index 6bf2118037dc..10e6c53c1085 100644
>--- a/source3/auth/auth_winbind.c
>+++ b/source3/auth/auth_winbind.c
>@@ -110,12 +110,6 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
> 	}
> 
> 	if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
>-		struct auth_methods *auth_method =
>-			(struct auth_methods *)my_private_data;
>-
>-		if ( auth_method )
>-			return auth_method->auth(auth_context, auth_method->private_data, 
>-				mem_ctx, user_info, server_info);
> 		return NT_STATUS_LOGON_FAILURE;
> 	}
> 
>@@ -164,16 +158,6 @@ static NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char
> 	result->name = "winbind";
> 	result->auth = check_winbind_security;
> 
>-	if (param && *param) {
>-		/* we load the 'fallback' module - if winbind isn't here, call this
>-		   module */
>-		auth_methods *priv;
>-		if (!load_auth_module(auth_context, param, &priv)) {
>-			return NT_STATUS_UNSUCCESSFUL;
>-		}
>-		result->private_data = (void *)priv;
>-	}
>-
> 	*auth_method = result;
> 	return NT_STATUS_OK;
> }
>-- 
>2.17.1
>
>
>From 82345de1d486fd225047623da8d707161614f018 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Sat, 8 Dec 2018 22:53:21 +0100
>Subject: [PATCH 2/3] s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if
> winbindd is not available
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit ec3adc1e5b3cc953576efa795dfb25af08a8ab79)
>---
> source3/auth/auth_winbind.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
>index 10e6c53c1085..0f5d684ff18a 100644
>--- a/source3/auth/auth_winbind.c
>+++ b/source3/auth/auth_winbind.c
>@@ -110,7 +110,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
> 	}
> 
> 	if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
>-		return NT_STATUS_LOGON_FAILURE;
>+		return NT_STATUS_NO_LOGON_SERVERS;
> 	}
> 
> 	if (wbc_status == WBC_ERR_AUTH_ERROR) {
>-- 
>2.17.1
>
>
>From 4f41601cc7dc0ecccf19cb8f37132407f6036765 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Sat, 8 Dec 2018 23:25:40 +0100
>Subject: [PATCH 3/3] s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC
> without trusts
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>
>Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
>Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144
>
>(cherry picked from commit 63dc60767eb13d8fc09ed4bc44faa538581b18f1)
>---
> source3/auth/auth_winbind.c | 33 ++++++++++++++++++++++++++++++++-
> 1 file changed, 32 insertions(+), 1 deletion(-)
>
>diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
>index 0f5d684ff18a..93b832265cfa 100644
>--- a/source3/auth/auth_winbind.c
>+++ b/source3/auth/auth_winbind.c
>@@ -22,6 +22,7 @@
> 
> #include "includes.h"
> #include "auth.h"
>+#include "passdb.h"
> #include "nsswitch/libwbclient/wbclient.h"
> 
> #undef DBGC_CLASS
>@@ -110,7 +111,37 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
> 	}
> 
> 	if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
>-		return NT_STATUS_NO_LOGON_SERVERS;
>+		struct pdb_trusted_domain **domains = NULL;
>+		uint32_t num_domains = 0;
>+		NTSTATUS status;
>+
>+		if (lp_server_role() == ROLE_DOMAIN_MEMBER) {
>+			status = NT_STATUS_NO_LOGON_SERVERS;
>+			DBG_ERR("winbindd not running - "
>+				"but required as domain member: %s\n",
>+				nt_errstr(status));
>+			return status;
>+		}
>+
>+		status = pdb_enum_trusted_domains(talloc_tos(), &num_domains, &domains);
>+		if (!NT_STATUS_IS_OK(status)) {
>+			DBG_ERR("pdb_enum_trusted_domains() failed - %s\n",
>+				nt_errstr(status));
>+			return status;
>+		}
>+		TALLOC_FREE(domains);
>+
>+		if (num_domains == 0) {
>+			DBG_DEBUG("winbindd not running - ignoring without "
>+				  "trusted domains\n");
>+			return NT_STATUS_NOT_IMPLEMENTED;
>+		}
>+
>+		status = NT_STATUS_NO_LOGON_SERVERS;
>+		DBG_ERR("winbindd not running - "
>+			"but required as DC with trusts: %s\n",
>+			nt_errstr(status));
>+		return status;
> 	}
> 
> 	if (wbc_status == WBC_ERR_AUTH_ERROR) {
>-- 
>2.17.1
>

Flags:

ab: review+

Actions: View

Attachments on bug 13722: 14753 | 14754 | 14756