[SCM] Samba Shared Repository - branch v4-14-test updated
Stefan Metzmacher
metze at samba.org
Wed Nov 10 23:46:02 UTC 2021
The branch, v4-14-test has been updated
via 5b1d789632f s3:winbindd: fix "allow trusted domains = no" regression
from 4a106c2322c lib: handle NTTIME_THAW in nt_time_to_full_timespec()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test
- Log -----------------------------------------------------------------
commit 5b1d789632fe67708e64ab9fc4f5b10408699682
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 9 20:50:20 2021 +0100
s3:winbindd: fix "allow trusted domains = no" regression
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
Autobuild-User(v4-14-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-14-test): Wed Nov 10 23:45:06 UTC 2021 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 42ddbfd2f44..9d54e462c42 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!is_allowed_domain(domain_name)) {
+ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list