sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3:winbindd: fix "allow trusted domains = no" regression

Browse Source 
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).

We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
This commit is contained in:
Stefan Metzmacher 2021-11-09 20:50:20 +01:00
parent 3121be69ca
commit a7f6c60cb0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source3/winbindd/winbindd_util.c
View File

@ -135,7 +135,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
return NT_STATUS_INVALID_PARAMETER;
}
if (!is_allowed_domain(domain_name)) {
if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}