The branch, master has been updated
via 3b0d6fd s4-rodc: RODC should not accept requests for role transfer
from cc28860 s4-provision: simplify our generated krb5.conf
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49
Author: Nadezhda Ivanova <[email protected]>
Date: Tue Sep 28 19:35:56 2010 -0700
s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/rootdse.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c
b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 4f0b11b..6c2a1e6 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1059,7 +1059,19 @@ static int rootdse_become_master(struct ldb_module
*module,
struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
NTSTATUS status_call;
WERROR status_fn;
+ bool am_rodc;
struct dcerpc_binding_handle *irpc_handle;
+ int ret;
+
+ ret = samdb_rodc(ldb, &am_rodc);
+ if (ret != LDB_SUCCESS) {
+ return ldb_error(ldb, ret, "Could not determine if server is
RODC.");
+ }
+
+ if (am_rodc) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+ "RODC cannot become a role master.");
+ }
msg = messaging_client_init(tmp_ctx, lpcfg_messaging_path(tmp_ctx,
lp_ctx),
ldb_get_event_context(ldb));
--
Samba Shared Repository
