[PATCH] Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.

Jeremy Allison jra at samba.org
Fri Feb 22 18:02:35 MST 2013


This bug was caused as a side effect of commit
dc3a90cf21813526854c12db126d08ebf32f8ae5
which explicitly removes our global sam name
from the list of trusted domains (which was the
correct thing to do), but caused this undesirable
side-effect.

Here's my assessment from the bug report:

-------------------------------------------
Absolutely correct! It's a side effect of commit
dc3a90cf21813526854c12db126d08ebf32f8ae5 for sure.

The only other place this is used is in:

source3/rpc_server/netlogon/srv_netlog_nt.c where we have:

1666                 /* If we don't know what this domain is, we need to
1667                    indicate that we are not authoritative.  This
1668                    allows the client to decide if it needs to try
1669                    a local user.  Fix by jpjanosi at us.ibm.com, #2976 */
1670                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1671                      && !strequal(nt_domain, get_global_sam_name())
1672                      && !is_trusted_domain(nt_domain) )
1673                         *r->out.authoritative = false; /* We are not
authoritative */

Your change adds the same check. I'll get this reviewed and in master.
-------------------------------------------

Can I get a second reviewer please !

Thanks,

	Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-bug-9039-map-untrusted-to-domain-treats-WORKSTAT.patch
Type: text/x-diff
Size: 1196 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130222/9bc3159a/attachment.patch>


More information about the samba-technical mailing list