/[smeserver]/rpms/samba/sme10/samba-4.4.5-accept_empty_realm_for_ad_domains_with_security_domain.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/samba-4.4.5-accept_empty_realm_for_ad_domains_with_security_domain.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Tue May 8 16:37:54 2018 UTC (6 years, 1 month ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
upgrade to samba-4.6.2-12

1 unnilennium 1.1 From a24fa6abf4f8a937554d292448a765677f9dec53 Mon Sep 17 00:00:00 2001
2     From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
3     Date: Tue, 31 May 2016 18:47:34 +0200
4     Subject: [PATCH] s3:libnet: accept empty realm for AD domains when only
5     security=domain is set.
6     MIME-Version: 1.0
7     Content-Type: text/plain; charset=UTF-8
8     Content-Transfer-Encoding: 8bit
9    
10     Initial patch from Matt Rogers @ RedHat.
11    
12     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
13    
14     Guenther
15    
16     Pair-Programmed-With: Andreas Schneider <asn@samba.org>
17     Signed-off-by: Guenther Deschner <gd@samba.org>
18     Signed-off-by: Andreas Schneider <asn@samba.org>
19    
20     Autobuild-User(master): Günther Deschner <gd@samba.org>
21     Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
22    
23     (cherry picked from commit 234a470f198f8f09f46aaeaf58f966faccedef18)
24     ---
25     source3/libnet/libnet_join.c | 17 +++++++++++++++++
26     1 file changed, 17 insertions(+)
27    
28     diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
29     index a28864d..b5a5ae2 100644
30     --- a/source3/libnet/libnet_join.c
31     +++ b/source3/libnet/libnet_join.c
32     @@ -2367,9 +2367,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
33     W_ERROR_HAVE_NO_MEMORY(wrong_conf);
34     }
35    
36     + /*
37     + * We should generate the warning for the special case when
38     + * domain is AD, "security = domain" and the realm parameter is
39     + * not set.
40     + */
41     + if (lp_security() == SEC_DOMAIN &&
42     + r->out.domain_is_ad &&
43     + !valid_realm) {
44     + libnet_join_set_error_string(mem_ctx, r,
45     + "Warning: when joining AD domains with security=domain, "
46     + "\"realm\" should be defined in the configuration (%s) "
47     + "and configuration modification was not requested",
48     + wrong_conf);
49     + return WERR_OK;
50     + }
51     +
52     libnet_join_set_error_string(mem_ctx, r,
53     "Invalid configuration (%s) and configuration modification "
54     "was not requested", wrong_conf);
55     +
56     return WERR_CAN_NOT_COMPLETE;
57     }
58    
59     --
60     2.9.0
61    
62     From 872207a7dcbb6272e6a4e8bf2fd366128a63e087 Mon Sep 17 00:00:00 2001
63     From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
64     Date: Wed, 15 Jun 2016 16:04:29 +0200
65     Subject: [PATCH 1/2] s3-libnet: Print error string even on successfuly
66     completion of libnetjoin.
67    
68     Sometimes useful information should be printed to the users.
69    
70     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
71    
72     Guenther
73    
74     Signed-off-by: Guenther Deschner <gd@samba.org>
75     (cherry picked from commit 632faa87610b3afca3f8d3e9f3f46ee6b87f362a)
76     ---
77     source3/utils/net_ads.c | 5 +++++
78     source3/utils/net_rpc.c | 10 ++++++++++
79     2 files changed, 15 insertions(+)
80    
81     diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
82     index 90af09e..c61aa0d 100644
83     --- a/source3/utils/net_ads.c
84     +++ b/source3/utils/net_ads.c
85     @@ -1596,6 +1596,11 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
86     r->out.netbios_domain_name);
87     }
88    
89     + /* print out informative error string in case there is one */
90     + if (r->out.error_string != NULL) {
91     + d_printf("%s\n", r->out.error_string);
92     + }
93     +
94     /*
95     * We try doing the dns update (if it was compiled in
96     * and if it was not disabled on the command line).
97     diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
98     index 93caf04..1e3e286 100644
99     --- a/source3/utils/net_rpc.c
100     +++ b/source3/utils/net_rpc.c
101     @@ -428,6 +428,11 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
102     r->out.netbios_domain_name);
103     }
104    
105     + /* print out informative error string in case there is one */
106     + if (r->out.error_string != NULL) {
107     + d_printf("%s\n", r->out.error_string);
108     + }
109     +
110     TALLOC_FREE(mem_ctx);
111    
112     return 0;
113     @@ -607,6 +612,11 @@ static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **a
114     r->out.netbios_domain_name);
115     }
116    
117     + /* print out informative error string in case there is one */
118     + if (r->out.error_string != NULL) {
119     + d_printf("%s\n", r->out.error_string);
120     + }
121     +
122     TALLOC_FREE(mem_ctx);
123    
124     return 0;
125     --
126     2.5.5
127    
128    
129     From 3f5af70f63f2ca141da8bd28ae131079b7f93f55 Mon Sep 17 00:00:00 2001
130     From: Michael Adam <obnox@samba.org>
131     Date: Wed, 15 Jun 2016 23:03:32 +0200
132     Subject: [PATCH 2/2] libnet: ignore realm setting for domain security joins to
133     AD domains if 'winbind rpc only = true'
134    
135     Inspired by initial patch from Matt Rogers @ RedHat.
136    
137     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
138    
139     Signed-off-by: Michael Adam <obnox@samba.org>
140     Reviewed-by: Guenther Deschner <gd@samba.org>
141    
142     Autobuild-User(master): Michael Adam <obnox@samba.org>
143     Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
144    
145     (cherry picked from commit e29d8f108cd090706dc3f54282f5c33ec30df899)
146     ---
147     source3/libnet/libnet_join.c | 16 ++++++++++++++++
148     1 file changed, 16 insertions(+)
149    
150     diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
151     index c007183..bab58f3 100644
152     --- a/source3/libnet/libnet_join.c
153     +++ b/source3/libnet/libnet_join.c
154     @@ -2303,6 +2303,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
155     bool valid_security = false;
156     bool valid_workgroup = false;
157     bool valid_realm = false;
158     + bool ignored_realm = false;
159    
160     /* check if configuration is already set correctly */
161    
162     @@ -2322,11 +2323,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
163     valid_realm = strequal(lp_realm(), r->out.dns_domain_name);
164     switch (lp_security()) {
165     case SEC_DOMAIN:
166     + if (!valid_realm && lp_winbind_rpc_only()) {
167     + valid_realm = true;
168     + ignored_realm = true;
169     + }
170     case SEC_ADS:
171     valid_security = true;
172     }
173    
174     if (valid_workgroup && valid_realm && valid_security) {
175     + if (ignored_realm && !r->in.modify_config)
176     + {
177     + libnet_join_set_error_string(mem_ctx, r,
178     + "Warning: ignoring realm when "
179     + "joining AD domain with "
180     + "'security=domain' and "
181     + "'winbind rpc only = yes'. "
182     + "(realm set to '%s', "
183     + "should be '%s').", lp_realm(),
184     + r->out.dns_domain_name);
185     + }
186     /* nothing to be done */
187     return WERR_OK;
188     }
189     --
190     2.5.5
191    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed