diff options
author | Stefan Metzmacher <metze@samba.org> | 2014-12-15 16:33:38 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-12-19 13:15:13 +0100 |
commit | 2c9254545224bec3ace135603388f19f1e02ea71 (patch) | |
tree | 5e748670459a461a01b20a7decbb68f5bb7679d8 /source4 | |
parent | 1d6e9e5e5879f0da5831fea7637be507b01b09de (diff) | |
download | samba-2c9254545224bec3ace135603388f19f1e02ea71.tar.gz |
s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed.
When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared
we should also remove the related credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 40867dd4da0..0aad375ccd9 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1779,10 +1779,14 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, } if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) { - add_incoming = true; + if (auth_info != NULL && trustAuthIncoming.length > 0) { + add_incoming = true; + } } if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) { - add_outgoing = true; + if (auth_info != NULL && trustAuthOutgoing.length > 0) { + add_outgoing = true; + } } if ((origdir & LSA_TRUST_DIRECTION_INBOUND) && @@ -1830,28 +1834,32 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, } } - if (add_incoming && trustAuthIncoming.data) { + if (add_incoming || del_incoming) { ret = ldb_msg_add_empty(msg, "trustAuthIncoming", LDB_FLAG_MOD_REPLACE, NULL); if (ret != LDB_SUCCESS) { return NT_STATUS_NO_MEMORY; } - ret = ldb_msg_add_value(msg, "trustAuthIncoming", - &trustAuthIncoming, NULL); - if (ret != LDB_SUCCESS) { - return NT_STATUS_NO_MEMORY; + if (add_incoming) { + ret = ldb_msg_add_value(msg, "trustAuthIncoming", + &trustAuthIncoming, NULL); + if (ret != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } } } - if (add_outgoing && trustAuthOutgoing.data) { + if (add_outgoing || del_outgoing) { ret = ldb_msg_add_empty(msg, "trustAuthOutgoing", LDB_FLAG_MOD_REPLACE, NULL); if (ret != LDB_SUCCESS) { return NT_STATUS_NO_MEMORY; } - ret = ldb_msg_add_value(msg, "trustAuthOutgoing", - &trustAuthOutgoing, NULL); - if (ret != LDB_SUCCESS) { - return NT_STATUS_NO_MEMORY; + if (add_outgoing) { + ret = ldb_msg_add_value(msg, "trustAuthOutgoing", + &trustAuthOutgoing, NULL); + if (ret != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } } } |