diff options
| author | Stefan Metzmacher <metze@samba.org> | 2015-01-05 16:01:16 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2015-01-06 22:50:23 +0100 |
| commit | 57300bbf5e5fcb9cb32bd3462e8ed86400b68920 (patch) | |
| tree | 38a3898a8e0d03e16170cefc4ccddf867e10c812 | |
| parent | cfe6377173ef093cb90b167000b86e6626568b61 (diff) | |
| download | samba-57300bbf5e5fcb9cb32bd3462e8ed86400b68920.tar.gz samba-57300bbf5e5fcb9cb32bd3462e8ed86400b68920.tar.xz samba-57300bbf5e5fcb9cb32bd3462e8ed86400b68920.zip | |
s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is cleared
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 6 22:50:23 CET 2015 on sn-devel-104
| -rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index f3d30477e9..cc2048da07 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1366,7 +1366,10 @@ static NTSTATUS get_tdo(struct ldb_context *sam, TALLOC_CTX *mem_ctx, "securityIdentifier", "trustDirection", "trustType", "trustAttributes", "trustPosixOffset", - "msDs-supportedEncryptionTypes", NULL }; + "msDs-supportedEncryptionTypes", + "msDS-TrustForestTrustInfo", + NULL + }; char *dns = NULL; char *nbn = NULL; char *sidstr = NULL; @@ -1621,6 +1624,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, bool add_incoming = false; bool del_outgoing = false; bool del_incoming = false; + bool del_forest_info = false; bool in_transaction = false; int ret; bool am_rodc; @@ -1832,6 +1836,18 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, (unsigned)info_ex->trust_attributes)); return NT_STATUS_INVALID_PARAMETER; } + + if (!(info_ex->trust_attributes & + LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) + { + struct ldb_message_element *orig_forest_el = NULL; + + orig_forest_el = ldb_msg_find_element(dom_msg, + "msDS-TrustForestTrustInfo"); + if (orig_forest_el != NULL) { + del_forest_info = true; + } + } } if (enc_types) { @@ -1872,6 +1888,13 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, } } } + if (del_forest_info) { + ret = ldb_msg_add_empty(msg, "msDS-TrustForestTrustInfo", + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + } /* start transaction */ ret = ldb_transaction_start(p_state->sam_ldb); |