CVE-2020-25717: Add FreeIPA domain controller role

As we want to reduce use of 'classic domain controller' role but FreeIPA relies on it internally, add a separate role to mark FreeIPA domain controller role. It means that role won't result in ROLE_STANDALONE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Alexander Bokovoy <ab@samba.org> 2020-11-11 18:50:45 +0200
committer: Jule Anger <janger@samba.org> 2021-11-09 19:45:33 +0000
commit: e2d5b4d709293b52112d078d6fcde95593d790c5 (patch)
tree: 5913a1da26d2a90cdb1a1ce8ffaeae2ef872b674 /source4/kdc/kdc-heimdal.c
parent: 57abb7f8f8884f52f1d194c5c74e067aecd0d3dd (diff)
download: samba-e2d5b4d709293b52112d078d6fcde95593d790c5.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
index c695004cafc..ce32d3cb1b3 100644
--- a/source4/kdc/kdc-heimdal.c
+++ b/source4/kdc/kdc-heimdal.c
@@ -276,6 +276,7 @@ static NTSTATUS kdc_task_init(struct task_server *task)
 		return NT_STATUS_INVALID_DOMAIN_ROLE;
 	case ROLE_DOMAIN_PDC:
 	case ROLE_DOMAIN_BDC:
+	case ROLE_IPA_DC:
 		task_server_terminate(
 		    task, "Cannot start KDC as a 'classic Samba' DC", false);
 		return NT_STATUS_INVALID_DOMAIN_ROLE;
author	Alexander Bokovoy <ab@samba.org>	2020-11-11 18:50:45 +0200
committer	Jule Anger <janger@samba.org>	2021-11-09 19:45:33 +0000
commit	e2d5b4d709293b52112d078d6fcde95593d790c5 (patch)
tree	5913a1da26d2a90cdb1a1ce8ffaeae2ef872b674 /source4/kdc/kdc-heimdal.c
parent	57abb7f8f8884f52f1d194c5c74e067aecd0d3dd (diff)
download	samba-e2d5b4d709293b52112d078d6fcde95593d790c5.tar.gz