author | Nadezhda Ivanova <nivanova@samba.org> | 2010-09-28 19:35:56 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@sn-devel-104.sn.samba.org> | 2010-09-29 03:09:15 +0000 |
commit | 3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49 (patch) | |
tree | 66619fd6ffa25d181c7940d20d956d8e51cbfcdb /source4 | |
parent | cc288603ce67ccca3625d162fadc618df5fbc807 (diff) | |
s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such a request is sent via LDAP.
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 4f0b11b0ab..6c2a1e630d 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1059,7 +1059,19 @@ static int rootdse_become_master(struct ldb_module *module,
 struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
 NTSTATUS status_call;
 WERROR status_fn;
+ bool am_rodc;
 struct dcerpc_binding_handle *irpc_handle;
+ int ret;
+
+ ret = samdb_rodc(ldb, &am_rodc);
+ if (ret != LDB_SUCCESS) {
+ return ldb_error(ldb, ret, "Could not determine if server is RODC.");
+ }
+
+ if (am_rodc) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+ "RODC cannot become a role master.");
+ }
 
 msg = messaging_client_init(tmp_ctx, lpcfg_messaging_path(tmp_ctx, lp_ctx),
 ldb_get_event_context(ldb)); |
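Review bot: The two early returns added after `samdb_rodc()` exit without releasing `tmp_ctx`, which is already in use on the `messaging_client_init(tmp_ctx, ...)` line directly below. If `tmp_ctx` is allocated in the declarations above the hunk (not visible here), every rejected role-transfer request keeps that context alive until its parent is freed; adding `talloc_free(tmp_ctx);` before each `return ldb_error(...)` would avoid that. Refusing the operation when the RODC state cannot be determined is the right fail-closed behaviour for this check, and a short comment such as `/* fail closed: refuse role transfer if RODC state is unknown */` above the first `if` would stop a later cleanup from relaxing it. The body of rootdse_become_master starts and ends outside the hunk.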