Fix IPA DC schannel support

Guenther
Günther Deschner 2021-11-13 00:15:32 +01:00
parent 2eedc4de19
commit 2ee30bad8f
2 changed files with 50 additions and 1 deletions

@ -0,0 +1,45 @@
From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Fri, 12 Nov 2021 19:06:01 +0200
Subject: [PATCH] IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
auth/gensec/schannel.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 0cdae141ead..6ebbe8f3179 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
case ROLE_ACTIVE_DIRECTORY_DC:
+ case ROLE_IPA_DC:
return NT_STATUS_OK;
default:
return NT_STATUS_NOT_IMPLEMENTED;
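Review bot: the `default:` branch of schannel_server_start still returns NT_STATUS_NOT_IMPLEMENTED, so any server role left out of this case list is refused the schannel server without a log line, which is the same omission the commit message describes for ROLE_IPA_DC. Consider logging the unexpected role before returning in `default:`, and checking the other switches over the server role that already list ROLE_ACTIVE_DIRECTORY_DC for a missing `case ROLE_IPA_DC:`. The diffstat shows two insertions and no test; a test that starts the schannel server under the IPA DC role would keep this from regressing.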
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8d71b5252ab..ea92a22cbc9 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
+ case ROLE_IPA_DC:
name = get_global_sam_name();
sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
if (!sid) {
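Review bot: the new `case ROLE_IPA_DC:` in _lsa_QueryInfoPolicy carries no comment on why an IPA DC answers with get_global_sam_name() and get_global_sam_sid() in the same way as a PDC or BDC; the reason is stated only in the commit message ("should treat IPA DC as PDC"). A one-line comment above the case would keep that rationale next to the code. In the visible context this list holds ROLE_DOMAIN_PDC, ROLE_DOMAIN_BDC and ROLE_IPA_DC but not ROLE_ACTIVE_DIRECTORY_DC, unlike the list in schannel.c, so it is worth confirming that the difference is intended and using the same case order in both files.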
--
2.33.1

@ -129,7 +129,7 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global baserelease 2 %global baserelease 3
%global samba_version 4.15.2 %global samba_version 4.15.2
%global talloc_version 2.3.3 %global talloc_version 2.3.3
@ -204,6 +204,7 @@ Patch2: samba-4.15.1-winexe.patch
Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch
Patch4: samba-4.15-logfile.patch Patch4: samba-4.15-logfile.patch
Patch5: samba-4.15.2-smbclient_anonymous.patch Patch5: samba-4.15.2-smbclient_anonymous.patch
Patch6: samba-4.15-ipa-dc-schannel.patch
Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/groupadd
Requires(post): systemd Requires(post): systemd
@ -4095,6 +4096,9 @@ fi
%endif %endif
%changelog %changelog
* Sat Nov 13 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.2-3
- Fix IPA DC schannel support
* Thu Nov 11 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.2-2 * Thu Nov 11 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.2-2
- Fix winbind trusted domain regression - Fix winbind trusted domain regression
- related: #2021716 - related: #2021716
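Review bot: the new 4.15.2-3 changelog entry ("Fix IPA DC schannel support") has no bug reference, while the 4.15.2-2 entry below it carries "related: #2021716" and the patch being added cites https://bugzilla.samba.org/show_bug.cgi?id=14903. Add a reference line to the new entry so the package change can be traced back to the upstream bug, and note in the spec next to `Patch6:` that samba-4.15-ipa-dc-schannel.patch comes from that bug so it can be dropped once a release contains the fix.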