diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-02-01 11:10:14 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-03-01 00:42:26 +0100 |
commit | 1d92e79cb0c3704f825d90d1f6bb588bda6ffade (patch) | |
tree | e79c3b34e5fbea60e80fa5b73df6ca38d3d61b01 /source4/kdc | |
parent | b524562f329b5ee45c5916e5354a48db3b5a0ea6 (diff) | |
download | samba-1d92e79cb0c3704f825d90d1f6bb588bda6ffade.tar.gz |
s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d0a813a173be630c2def93cc55e4514204d265a2)
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/db-glue.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 5ca2c067585..9d633a6e528 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1215,6 +1215,16 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, goto out; } + if (tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) { + /* + * Only UPLEVEL domains support kerberos here, + * as we don't support LSA_TRUST_TYPE_MIT. + */ + krb5_clear_error_message(context); + ret = SDB_ERR_NOENTRY; + goto out; + } + if (tdo->domain_name.string == NULL) { krb5_clear_error_message(context); ret = SDB_ERR_NOENTRY; |