s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit d0a813a173be630c2def93cc55e4514204d265a2)
author: Stefan Metzmacher <metze@samba.org> 2018-02-01 11:10:14 +0100
committer: Stefan Metzmacher <metze@samba.org> 2018-03-01 00:42:26 +0100
commit: 1d92e79cb0c3704f825d90d1f6bb588bda6ffade (patch)
tree: e79c3b34e5fbea60e80fa5b73df6ca38d3d61b01 /source4/kdc
parent: b524562f329b5ee45c5916e5354a48db3b5a0ea6 (diff)
download: samba-1d92e79cb0c3704f825d90d1f6bb588bda6ffade.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 5ca2c067585..9d633a6e528 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1215,6 +1215,16 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 		goto out;
 	}
 
+	if (tdo->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
+		/*
+		 * Only UPLEVEL domains support kerberos here,
+		 * as we don't support LSA_TRUST_TYPE_MIT.
+		 */
+		krb5_clear_error_message(context);
+		ret = SDB_ERR_NOENTRY;
+		goto out;
+	}
+
 	if (tdo->domain_name.string == NULL) {
 		krb5_clear_error_message(context);
 		ret = SDB_ERR_NOENTRY;
author	Stefan Metzmacher <metze@samba.org>	2018-02-01 11:10:14 +0100
committer	Stefan Metzmacher <metze@samba.org>	2018-03-01 00:42:26 +0100
commit	1d92e79cb0c3704f825d90d1f6bb588bda6ffade (patch)
tree	e79c3b34e5fbea60e80fa5b73df6ca38d3d61b01 /source4/kdc
parent	b524562f329b5ee45c5916e5354a48db3b5a0ea6 (diff)
download	samba-1d92e79cb0c3704f825d90d1f6bb588bda6ffade.tar.gz