diff options
author | V3n3RiX <venerix@koprulu.sector> | 2021-12-05 02:47:11 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2021-12-05 02:47:11 +0000 |
commit | 2771f79232c273bc2a57d23bf335dd81ccf6af28 (patch) | |
tree | c8af0fd04194aed03cf067d44e53c7edd3e9ab84 /net-fs/samba/files | |
parent | e9d044d4b9b71200a96adfa280848858c0f468c9 (diff) |
gentoo resync : 05.12.2021
Diffstat (limited to 'net-fs/samba/files')
-rw-r--r-- | net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch | 42 | ||||
-rw-r--r-- | net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch | 42 |
2 files changed, 84 insertions, 0 deletions
diff --git a/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch b/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch new file mode 100644 index 000000000000..23411dad6bec --- /dev/null +++ b/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch @@ -0,0 +1,42 @@ +From bc07c3b70702100975f8921e56cf9b733ec3b826 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Tue, 9 Nov 2021 20:50:20 +0100 +Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression + +add_trusted_domain() should only reject domains +based on is_allowed_domain(), which now also +checks "allow trusted domains = no", if we don't +have an explicit trust to the domain (SEC_CHAN_NULL). + +We use at least SEC_CHAN_LOCAL for local domains like +BUILTIN. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> + +Autobuild-User(master): Stefan Metzmacher <metze@samba.org> +Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 + +(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) +--- + source3/winbindd/winbindd_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c +index 42ddbfd2f44e..9d54e462c425 100644 +--- a/source3/winbindd/winbindd_util.c ++++ b/source3/winbindd/winbindd_util.c +@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, + return NT_STATUS_INVALID_PARAMETER; + } + +- if (!is_allowed_domain(domain_name)) { ++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + +-- +2.25.1 + diff --git a/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch b/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch new file mode 100644 index 000000000000..457bad16a6e2 --- /dev/null +++ b/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch @@ -0,0 +1,42 @@ +From 9f73f8a784f2de9211601f92729a47aaa3e51a1a Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Tue, 9 Nov 2021 20:50:20 +0100 +Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression + +add_trusted_domain() should only reject domains +based on is_allowed_domain(), which now also +checks "allow trusted domains = no", if we don't +have an explicit trust to the domain (SEC_CHAN_NULL). + +We use at least SEC_CHAN_LOCAL for local domains like +BUILTIN. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> + +Autobuild-User(master): Stefan Metzmacher <metze@samba.org> +Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 + +(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) +--- + source3/winbindd/winbindd_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c +index fe68adec534a..a8c510fafc67 100644 +--- a/source3/winbindd/winbindd_util.c ++++ b/source3/winbindd/winbindd_util.c +@@ -135,7 +135,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, + return NT_STATUS_INVALID_PARAMETER; + } + +- if (!is_allowed_domain(domain_name)) { ++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + +-- +2.25.1 + |