37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From d5438718efffaf9bdfb6abe2d7fe8ecb1a316b84 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Thu, 11 May 2023 17:21:03 +0200
|
|
Subject: [PATCH] Allow samba-rpcd work with passwords
|
|
|
|
A domain transition on chkpwd execution was allowed to winbind_rpcd_t
|
|
unconditionally and permissions to use the passwd command only when the
|
|
samba_domain_controller boolean is turned on.
|
|
|
|
Resolves: rhbz#2107106
|
|
---
|
|
policy/modules/contrib/samba.te | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
|
|
index 6143ea2622..c8123ff29d 100644
|
|
--- a/policy/modules/contrib/samba.te
|
|
+++ b/policy/modules/contrib/samba.te
|
|
@@ -471,6 +471,9 @@ tunable_policy(`samba_domain_controller',`
|
|
usermanage_domtrans_useradd(smbd_t)
|
|
usermanage_domtrans_groupadd(smbd_t)
|
|
allow smbd_t self:passwd passwd;
|
|
+
|
|
+ usermanage_domtrans_passwd(winbind_rpcd_t)
|
|
+ allow winbind_rpcd_t self:passwd passwd;
|
|
')
|
|
|
|
tunable_policy(`samba_enable_home_dirs',`
|
|
@@ -1213,6 +1216,7 @@ term_getattr_pty_fs(winbind_rpcd_t)
|
|
term_use_ptmx(winbind_rpcd_t)
|
|
|
|
optional_policy(`
|
|
+ auth_domtrans_chk_passwd(winbind_rpcd_t)
|
|
auth_read_passwd(winbind_rpcd_t)
|
|
')
|
|
|