[PATCH] Remove a misleading comment

Jeremy Allison jra at samba.org
Fri Oct 27 18:31:19 UTC 2017 

On Fri, Oct 27, 2017 at 02:06:13PM +0200, Volker Lendecke via samba-technical wrote:
> Hi!
> 
> Review appreciated!

LGTM. RB+ and pushed !

> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

> From 208c368e0a575649442a67859df6427e00aec723 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 27 Oct 2017 14:01:41 +0200
> Subject: [PATCH] winbindd: Remove a misleading comment
> 
> The reality is a bit more complex than this comment indicates. We should never
> suggest anywhere that we can connect to domains that we don't have a direct
> trust account to. For the member case, it's "our" domain, and for the DC case,
> it's the direct trusts. Everything else is pure luck.
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/winbindd/winbindd_cache.c | 18 ------------------
>  1 file changed, 18 deletions(-)
> 
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index 93501e4073b..faea764cb5d 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -147,24 +147,6 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
>  		init_dc_connection(domain, false);
>  	}
>  
> -	/*
> -	   OK.  Listen up because I'm only going to say this once.
> -	   We have the following scenarios to consider
> -	   (a) trusted AD domains on a Samba DC,
> -	   (b) trusted AD domains and we are joined to a non-kerberos domain
> -	   (c) trusted AD domains and we are joined to a kerberos (AD) domain
> -
> -	   For (a) we can always contact the trusted domain using krb5
> -	   since we have the domain trust account password
> -
> -	   For (b) we can only use RPC since we have no way of
> -	   getting a krb5 ticket in our own domain
> -
> -	   For (c) we can always use krb5 since we have a kerberos trust
> -
> -	   --jerry
> -	 */
> -
>  #ifdef HAVE_ADS
>  	if (domain->backend == NULL) {
>  		struct winbindd_domain *our_domain = domain;
> -- 
> 2.11.0
>

More information about the samba-technical mailing list