Use workaround for winbind default domain only when set.

2012-11-13 13:03:37 +01:00 · 2012-11-13 13:03:37 +01:00 · 2c6f626ea7
commit 2c6f626ea7
parent b9c801614f
2 changed files with 54 additions and 1 deletions
--- a/samba-4.0.0rc6-winbind_default_domain_workaround.patch
+++ b/samba-4.0.0rc6-winbind_default_domain_workaround.patch
@ -0,0 +1,48 @@
 commit 3bbe690c50a5d4e2ff81ff1eeeaa728990b73637
 Author:     Sumit Bose <sbose@redhat.com>
 AuthorDate: Mon Oct 29 12:09:22 2012 +0100
 Commit:     Andreas Schneider <asn@cryptomilk.org>
 CommitDate: Mon Nov 12 15:54:15 2012 +0100
    Use work around for 'winbind use default domain' only if it is set
    Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
    character is always added to the user name returned by Get_Pwnam_alloc() if it
    does not contain the winbind separator character. As comments in the code
    indicates this is done as a work around if 'winbind use default domain' is set
    to yes in the samba configuration.
    This make sense if the option is set because otherwise the domain information is
    lost from the user name. But it causes errors if other services than winbind are
    used for user lookup, e.g. sssd. sssd can handle different kind of fully
    qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
    canonical name, by default user@domain.name.
    While it would be possible to get around this issue with a special configuration
    either on the sssd or samba side I think the cleaner solution is to use the work
    around only if 'winbind use default domain' is set to yes which is what this
    patch does.
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
 ---
 source3/auth/auth_util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
 index a08d094..83c95a9 100644
 --- a/source3/auth/auth_util.c
 +++ b/source3/auth/auth_util.c
@@ -1331,7 +1331,8 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
 			/* make sure we get the case of the username correct */
 			/* work around 'winbind use default domain = yes' */
 -			if ( !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
 +			if ( lp_winbind_use_default_domain() &&
 +			     !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
 				char *domain;
 				/* split the domain and username into 2 strings */
--- a/samba.spec
+++ b/samba.spec
@ -1,4 +1,4 @@
-%define main_release 166
+%define main_release 167
 %define samba_version 4.0.0
 %define talloc_version 2.0.7
@ -62,6 +62,7 @@ Source200: README.dc
 Source201: README.downgrade
 Patch0: samba-4.0.0rc6-LogonSamLogon_failover.patch
 Patch1: samba-4.0.0rc6-winbind_default_domain_workaround.patch
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@ -405,6 +406,7 @@ the local kerberos library to use the same KDC as samba and winbind use
 %setup -q -n samba-%{version}%{pre_release}
 %patch0 -p1 -b .samlogon_failover
 %patch1 -p1 -b .winbind_default_domain_workaround
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@ -1298,6 +1300,9 @@ rm -rf %{buildroot}
 %{_mandir}/man7/winbind_krb5_locator.7*
 %changelog
 * Tue Nov 13 2012 - Andreas Schneider <asn@redhat.com> - 2:4.0.0-167.rc5
 - Use workaround for winbind default domain only when set.
 * Tue Nov 13 2012 - Andreas Schneider <asn@redhat.com> - 2:4.0.0-166.rc5
 - Update to Samba 4.0.0rc5.