[PATCH] Remove a misleading comment
Jeremy Allison
jra at samba.org
Fri Oct 27 18:31:19 UTC 2017
On Fri, Oct 27, 2017 at 02:06:13PM +0200, Volker Lendecke via samba-technical wrote:
> Hi!
>
> Review appreciated!
LGTM. RB+ and pushed !
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 208c368e0a575649442a67859df6427e00aec723 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 27 Oct 2017 14:01:41 +0200
> Subject: [PATCH] winbindd: Remove a misleading comment
>
> The reality is a bit more complex than this comment indicates. We should never
> suggest anywhere that we can connect to domains that we don't have a direct
> trust account to. For the member case, it's "our" domain, and for the DC case,
> it's the direct trusts. Everything else is pure luck.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/winbindd/winbindd_cache.c | 18 ------------------
> 1 file changed, 18 deletions(-)
>
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index 93501e4073b..faea764cb5d 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -147,24 +147,6 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
> init_dc_connection(domain, false);
> }
>
> - /*
> - OK. Listen up because I'm only going to say this once.
> - We have the following scenarios to consider
> - (a) trusted AD domains on a Samba DC,
> - (b) trusted AD domains and we are joined to a non-kerberos domain
> - (c) trusted AD domains and we are joined to a kerberos (AD) domain
> -
> - For (a) we can always contact the trusted domain using krb5
> - since we have the domain trust account password
> -
> - For (b) we can only use RPC since we have no way of
> - getting a krb5 ticket in our own domain
> -
> - For (c) we can always use krb5 since we have a kerberos trust
> -
> - --jerry
> - */
> -
> #ifdef HAVE_ADS
> if (domain->backend == NULL) {
> struct winbindd_domain *our_domain = domain;
> --
> 2.11.0
>
More information about the samba-technical
mailing list