s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed.

When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared we should also remove the related credentials. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2014-12-15 16:33:38 +0100
committer: Stefan Metzmacher <metze@samba.org> 2014-12-19 13:15:13 +0100
commit: 2c9254545224bec3ace135603388f19f1e02ea71 (patch)
tree: 5e748670459a461a01b20a7decbb68f5bb7679d8
parent: 1d6e9e5e5879f0da5831fea7637be507b01b09de (diff)
download: samba-2c9254545224bec3ace135603388f19f1e02ea71.tar.gz
1 files changed, 20 insertions, 12 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 40867dd4da0..0aad375ccd9 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1779,10 +1779,14 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 		}
 
 		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
-			add_incoming = true;
+			if (auth_info != NULL && trustAuthIncoming.length > 0) {
+				add_incoming = true;
+			}
 		}
 		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
-			add_outgoing = true;
+			if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+				add_outgoing = true;
+			}
 		}
 
 		if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
@@ -1830,28 +1834,32 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 		}
 	}
 
-	if (add_incoming && trustAuthIncoming.data) {
+	if (add_incoming || del_incoming) {
 		ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
 					LDB_FLAG_MOD_REPLACE, NULL);
 		if (ret != LDB_SUCCESS) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		ret = ldb_msg_add_value(msg, "trustAuthIncoming",
-					&trustAuthIncoming, NULL);
-		if (ret != LDB_SUCCESS) {
-			return NT_STATUS_NO_MEMORY;
+		if (add_incoming) {
+			ret = ldb_msg_add_value(msg, "trustAuthIncoming",
+						&trustAuthIncoming, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
 	}
-	if (add_outgoing && trustAuthOutgoing.data) {
+	if (add_outgoing || del_outgoing) {
 		ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
 					LDB_FLAG_MOD_REPLACE, NULL);
 		if (ret != LDB_SUCCESS) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
-					&trustAuthOutgoing, NULL);
-		if (ret != LDB_SUCCESS) {
-			return NT_STATUS_NO_MEMORY;
+		if (add_outgoing) {
+			ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
+						&trustAuthOutgoing, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
 	}
author	Stefan Metzmacher <metze@samba.org>	2014-12-15 16:33:38 +0100
committer	Stefan Metzmacher <metze@samba.org>	2014-12-19 13:15:13 +0100
commit	2c9254545224bec3ace135603388f19f1e02ea71 (patch)
tree	5e748670459a461a01b20a7decbb68f5bb7679d8
parent	1d6e9e5e5879f0da5831fea7637be507b01b09de (diff)
download	samba-2c9254545224bec3ace135603388f19f1e02ea71.tar.gz