diff options
| author | Alexander Bokovoy <ab@samba.org> | 2020-11-11 18:50:45 +0200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2021-11-09 19:45:33 +0000 |
| commit | e2d5b4d709293b52112d078d6fcde95593d790c5 (patch) | |
| tree | 5913a1da26d2a90cdb1a1ce8ffaeae2ef872b674 /lib | |
| parent | 57abb7f8f8884f52f1d194c5c74e067aecd0d3dd (diff) | |
| download | samba-e2d5b4d709293b52112d078d6fcde95593d790c5.tar.gz | |
CVE-2020-25717: Add FreeIPA domain controller role
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.
It means that role won't result in ROLE_STANDALONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/param/loadparm_server_role.c | 2 | ||||
| -rw-r--r-- | lib/param/param_table.c | 1 | ||||
| -rw-r--r-- | lib/param/util.c | 1 |
3 files changed, 4 insertions, 0 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 7a6bc770723..a78d1ab9cf3 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -42,6 +42,7 @@ static const struct srv_role_tab { { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" }, { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" }, { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" }, + { ROLE_IPA_DC, "ROLE_IPA_DC"}, { 0, NULL } }; @@ -140,6 +141,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: if (security == SEC_USER) { valid = true; } diff --git a/lib/param/param_table.c b/lib/param/param_table.c index d9301152d94..9fac73ef113 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -109,6 +109,7 @@ static const struct enum_list enum_server_role[] = { {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"}, {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"}, {ROLE_ACTIVE_DIRECTORY_DC, "dc"}, + {ROLE_IPA_DC, "IPA primary domain controller"}, {-1, NULL} }; diff --git a/lib/param/util.c b/lib/param/util.c index cd8e74b9d8f..9a0fc102de8 100644 --- a/lib/param/util.c +++ b/lib/param/util.c @@ -255,6 +255,7 @@ const char *lpcfg_sam_name(struct loadparm_context *lp_ctx) case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: return lpcfg_workgroup(lp_ctx); default: return lpcfg_netbios_name(lp_ctx); |