The Samba-Bugzilla – Attachment 14756 Details for
Bug 13722
NT4 DC requires winbindd even without trusts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-8-test
tmp48.diff.txt (text/plain), 5.44 KB, created by
Stefan Metzmacher
on 2018-12-21 12:46:02 UTC
(
hide
)
Description:
Patches for v4-8-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2018-12-21 12:46:02 UTC
Size:
5.44 KB
patch
obsolete
>From 9928c592d094ea7443b375a5dae252aee517b3b2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 8 Dec 2018 22:48:33 +0100 >Subject: [PATCH 1/3] s3:auth_winbind: remove fallback to optional backend > >This is not possible anymore, as the trustdomain backend >was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit f3bac8c91121871bf8ce852bc3e3ea2e834d3f27) >--- > source3/auth/auth.c | 2 +- > source3/auth/auth_winbind.c | 16 ---------------- > 2 files changed, 1 insertion(+), 17 deletions(-) > >diff --git a/source3/auth/auth.c b/source3/auth/auth.c >index 4df74f9f39fc..cdf4f1db4309 100644 >--- a/source3/auth/auth.c >+++ b/source3/auth/auth.c >@@ -545,7 +545,7 @@ NTSTATUS make_auth3_context_for_netlogon(TALLOC_CTX *mem_ctx, > switch (lp_server_role()) { > case ROLE_DOMAIN_BDC: > case ROLE_DOMAIN_PDC: >- methods = "sam_netlogon3 winbind:trustdomain"; >+ methods = "sam_netlogon3 winbind"; > break; > > default: >diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c >index 6bf2118037dc..10e6c53c1085 100644 >--- a/source3/auth/auth_winbind.c >+++ b/source3/auth/auth_winbind.c >@@ -110,12 +110,6 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, > } > > if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) { >- struct auth_methods *auth_method = >- (struct auth_methods *)my_private_data; >- >- if ( auth_method ) >- return auth_method->auth(auth_context, auth_method->private_data, >- mem_ctx, user_info, server_info); > return NT_STATUS_LOGON_FAILURE; > } > >@@ -164,16 +158,6 @@ static NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char > result->name = "winbind"; > result->auth = check_winbind_security; > >- if (param && *param) { >- /* we load the 'fallback' module - if winbind isn't here, call this >- module */ >- auth_methods *priv; >- if (!load_auth_module(auth_context, param, &priv)) { >- return NT_STATUS_UNSUCCESSFUL; >- } >- result->private_data = (void *)priv; >- } >- > *auth_method = result; > return NT_STATUS_OK; > } >-- >2.17.1 > > >From 82345de1d486fd225047623da8d707161614f018 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 8 Dec 2018 22:53:21 +0100 >Subject: [PATCH 2/3] s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if > winbindd is not available > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit ec3adc1e5b3cc953576efa795dfb25af08a8ab79) >--- > source3/auth/auth_winbind.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c >index 10e6c53c1085..0f5d684ff18a 100644 >--- a/source3/auth/auth_winbind.c >+++ b/source3/auth/auth_winbind.c >@@ -110,7 +110,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, > } > > if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) { >- return NT_STATUS_LOGON_FAILURE; >+ return NT_STATUS_NO_LOGON_SERVERS; > } > > if (wbc_status == WBC_ERR_AUTH_ERROR) { >-- >2.17.1 > > >From 4f41601cc7dc0ecccf19cb8f37132407f6036765 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 8 Dec 2018 23:25:40 +0100 >Subject: [PATCH 3/3] s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC > without trusts > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> > >Autobuild-User(master): Alexander Bokovoy <ab@samba.org> >Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144 > >(cherry picked from commit 63dc60767eb13d8fc09ed4bc44faa538581b18f1) >--- > source3/auth/auth_winbind.c | 33 ++++++++++++++++++++++++++++++++- > 1 file changed, 32 insertions(+), 1 deletion(-) > >diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c >index 0f5d684ff18a..93b832265cfa 100644 >--- a/source3/auth/auth_winbind.c >+++ b/source3/auth/auth_winbind.c >@@ -22,6 +22,7 @@ > > #include "includes.h" > #include "auth.h" >+#include "passdb.h" > #include "nsswitch/libwbclient/wbclient.h" > > #undef DBGC_CLASS >@@ -110,7 +111,37 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, > } > > if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) { >- return NT_STATUS_NO_LOGON_SERVERS; >+ struct pdb_trusted_domain **domains = NULL; >+ uint32_t num_domains = 0; >+ NTSTATUS status; >+ >+ if (lp_server_role() == ROLE_DOMAIN_MEMBER) { >+ status = NT_STATUS_NO_LOGON_SERVERS; >+ DBG_ERR("winbindd not running - " >+ "but required as domain member: %s\n", >+ nt_errstr(status)); >+ return status; >+ } >+ >+ status = pdb_enum_trusted_domains(talloc_tos(), &num_domains, &domains); >+ if (!NT_STATUS_IS_OK(status)) { >+ DBG_ERR("pdb_enum_trusted_domains() failed - %s\n", >+ nt_errstr(status)); >+ return status; >+ } >+ TALLOC_FREE(domains); >+ >+ if (num_domains == 0) { >+ DBG_DEBUG("winbindd not running - ignoring without " >+ "trusted domains\n"); >+ return NT_STATUS_NOT_IMPLEMENTED; >+ } >+ >+ status = NT_STATUS_NO_LOGON_SERVERS; >+ DBG_ERR("winbindd not running - " >+ "but required as DC with trusts: %s\n", >+ nt_errstr(status)); >+ return status; > } > > if (wbc_status == WBC_ERR_AUTH_ERROR) { >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ab
:
review+
Actions:
View
Attachments on
bug 13722
:
14753
|
14754
| 14756