diff options
author | Alexander Bokovoy <ab@samba.org> | 2020-11-11 18:50:45 +0200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-09 19:45:33 +0000 |
commit | e2d5b4d709293b52112d078d6fcde95593d790c5 (patch) | |
tree | 5913a1da26d2a90cdb1a1ce8ffaeae2ef872b674 /source4/kdc/kdc-heimdal.c | |
parent | 57abb7f8f8884f52f1d194c5c74e067aecd0d3dd (diff) | |
download | samba-e2d5b4d709293b52112d078d6fcde95593d790c5.tar.gz |
CVE-2020-25717: Add FreeIPA domain controller role
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.
It means that role won't result in ROLE_STANDALONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/kdc/kdc-heimdal.c')
-rw-r--r-- | source4/kdc/kdc-heimdal.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c index c695004cafc..ce32d3cb1b3 100644 --- a/source4/kdc/kdc-heimdal.c +++ b/source4/kdc/kdc-heimdal.c @@ -276,6 +276,7 @@ static NTSTATUS kdc_task_init(struct task_server *task) return NT_STATUS_INVALID_DOMAIN_ROLE; case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: + case ROLE_IPA_DC: task_server_terminate( task, "Cannot start KDC as a 'classic Samba' DC", false); return NT_STATUS_INVALID_DOMAIN_ROLE; |