sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-24 21:49:29 +03:00
Code Activity

s4:kdc: disable support for CROSS_ORGANIZATION domains

Browse Source 
We don't support selective authentication yet,
so we shouldn't silently allow domain wide authentication
for such a trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 28 19:45:13 CET 2018 on sn-devel-144

(cherry picked from commit 31b5328c46)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Thu Mar  1 06:08:56 CET 2018 on sn-devel-144
This commit is contained in:
Stefan Metzmacher
2018-02-01 11:06:10 +01:00
parent 1d92e79cb0
commit 4cfa1f5e1a
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
source4/kdc/db-glue.c
View File

@ -1225,6 +1225,15 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
goto out;
}
if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION) {
/*
* We don't support selective authentication yet.
*/
krb5_clear_error_message(context);
ret = SDB_ERR_NOENTRY;
goto out;
}
if (tdo->domain_name.string == NULL) {
krb5_clear_error_message(context);
ret = SDB_ERR_NOENTRY;