The branch, master has been updated
       via  57300bb s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if 
FOREST_TRANSITIVE is cleared
       via  cfe6377 s4:rpc_server/lsa: allow 
LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be changed.
      from  a2670f1 winbind: Retry after SESSION_EXPIRED error in ping-dc

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 57300bbf5e5fcb9cb32bd3462e8ed86400b68920
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jan 5 16:01:16 2015 +0100

    s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is 
cleared
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Simo Sorce <i...@samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Tue Jan  6 22:50:23 CET 2015 on sn-devel-104

commit cfe6377173ef093cb90b167000b86e6626568b61
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jan 5 15:59:31 2015 +0100

    s4:rpc_server/lsa: allow LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be 
changed.
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Simo Sorce <i...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/rpc_server/lsa/dcesrv_lsa.c | 45 ++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c 
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 020360d..cc2048d 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1366,7 +1366,10 @@ static NTSTATUS get_tdo(struct ldb_context *sam, 
TALLOC_CTX *mem_ctx,
                                "securityIdentifier", "trustDirection",
                                "trustType", "trustAttributes",
                                "trustPosixOffset",
-                               "msDs-supportedEncryptionTypes", NULL };
+                               "msDs-supportedEncryptionTypes",
+                               "msDS-TrustForestTrustInfo",
+                               NULL
+       };
        char *dns = NULL;
        char *nbn = NULL;
        char *sidstr = NULL;
@@ -1621,6 +1624,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct 
dcesrv_call_state *dce_call,
        bool add_incoming = false;
        bool del_outgoing = false;
        bool del_incoming = false;
+       bool del_forest_info = false;
        bool in_transaction = false;
        int ret;
        bool am_rodc;
@@ -1766,6 +1770,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct 
dcesrv_call_state *dce_call,
 
        if (info_ex) {
                uint32_t origattrs;
+               uint32_t changed_attrs;
                uint32_t origdir;
                int origtype;
 
@@ -1815,13 +1820,34 @@ static NTSTATUS setInfoTrustedDomain_base(struct 
dcesrv_call_state *dce_call,
                }
                /* TODO: check forestFunctionality from ldb opaque */
                /* TODO: check what is set makes sense */
-               /* for now refuse changes */
-               if (origattrs == -1 ||
-                   origattrs != info_ex->trust_attributes) {
-                       DEBUG(1, ("Attempted to change trust attributes! "
-                                 "Operation not handled\n"));
+
+               changed_attrs = origattrs ^ info_ex->trust_attributes;
+               if (changed_attrs & ~LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+                       /*
+                        * For now we only allow
+                        * LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be changed.
+                        *
+                        * TODO: we may need to support more attribute changes
+                        */
+                       DEBUG(1, ("Attempted to change trust attributes "
+                                 "(0x%08x != 0x%08x)! "
+                                 "Operation not handled yet...\n",
+                                 (unsigned)origattrs,
+                                 (unsigned)info_ex->trust_attributes));
                        return NT_STATUS_INVALID_PARAMETER;
                }
+
+               if (!(info_ex->trust_attributes &
+                     LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE))
+               {
+                       struct ldb_message_element *orig_forest_el = NULL;
+
+                       orig_forest_el = ldb_msg_find_element(dom_msg,
+                                               "msDS-TrustForestTrustInfo");
+                       if (orig_forest_el != NULL) {
+                               del_forest_info = true;
+                       }
+               }
        }
 
        if (enc_types) {
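Review bot: The `origattrs == -1` guard from the removed check has no counterpart before `changed_attrs = origattrs ^ info_ex->trust_attributes`, so if -1 is still the value origattrs holds when the stored trustAttributes is missing (its assignment is outside this hunk), the XOR is taken against 0xffffffff instead of real state. A request whose trust_attributes has every bit other than FOREST_TRANSITIVE set would then pass the mask test instead of being refused. Keeping the sentinel in the condition closes that: `if (origattrs == -1 || (changed_attrs & ~LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {`. The two TODOs above the check also apply to the newly permitted bit, so setting FOREST_TRANSITIVE appears to be accepted here without any check that it makes sense for this trust.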
@@ -1862,6 +1888,13 @@ static NTSTATUS setInfoTrustedDomain_base(struct 
dcesrv_call_state *dce_call,
                        }
                }
        }
+       if (del_forest_info) {
+               ret = ldb_msg_add_empty(msg, "msDS-TrustForestTrustInfo",
+                                       LDB_FLAG_MOD_REPLACE, NULL);
+               if (ret != LDB_SUCCESS) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
 
        /* start transaction */
        ret = ldb_transaction_start(p_state->sam_ldb);
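Review bot: The `del_forest_info` block does not say why an empty element is added, and dropping a trust's stored forest trust information leaves no trace in the log. I would add `/* an empty MOD_REPLACE element deletes msDS-TrustForestTrustInfo */` above the call, plus a `DEBUG` line at the same level as the rejected-change message, so an operator can tell afterwards that this call removed the attribute. setInfoTrustedDomain_base continues outside the hunk, so whether the modify is still issued when this is the only staged element cannot be confirmed from here.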


-- 
Samba Shared Repository
