[SCM] Samba Shared Repository - branch v4-14-test updated

Stefan Metzmacher metze at samba.org
Wed Nov 10 23:46:02 UTC 2021

The branch, v4-14-test has been updated
       via  5b1d789632f s3:winbindd: fix "allow trusted domains = no" regression
      from  4a106c2322c lib: handle NTTIME_THAW in nt_time_to_full_timespec()


- Log -----------------------------------------------------------------
commit 5b1d789632fe67708e64ab9fc4f5b10408699682
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 9 20:50:20 2021 +0100

    s3:winbindd: fix "allow trusted domains = no" regression
    add_trusted_domain() should only reject domains
    based on is_allowed_domain(), which now also
    checks "allow trusted domains = no", if we don't
    have an explicit trust to the domain (SEC_CHAN_NULL).
    We use at least SEC_CHAN_LOCAL for local domains like
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
    (cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
    Autobuild-User(v4-14-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-14-test): Wed Nov 10 23:45:06 UTC 2021 on sn-devel-184


Summary of changes:
 source3/winbindd/winbindd_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 42ddbfd2f44..9d54e462c42 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
-	if (!is_allowed_domain(domain_name)) {
+	if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {

Samba Shared Repository

More information about the samba-cvs mailing list