summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-09-28 19:35:56 -0700
committerNadezhda Ivanova <nivanova@sn-devel-104.sn.samba.org>2010-09-29 03:09:15 +0000
commit3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49 (patch)
tree66619fd6ffa25d181c7940d20d956d8e51cbfcdb /source4
parentcc288603ce67ccca3625d162fadc618df5fbc807 (diff)
downloadsamba-3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49.tar.gz
samba-3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49.tar.bz2
samba-3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49.zip
s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 4f0b11b0ab..6c2a1e630d 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1059,7 +1059,19 @@ static int rootdse_become_master(struct ldb_module *module,
struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
NTSTATUS status_call;
WERROR status_fn;
+ bool am_rodc;
struct dcerpc_binding_handle *irpc_handle;
+ int ret;
+
+ ret = samdb_rodc(ldb, &am_rodc);
+ if (ret != LDB_SUCCESS) {
+ return ldb_error(ldb, ret, "Could not determine if server is RODC.");
+ }
+
+ if (am_rodc) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+ "RODC cannot become a role master.");
+ }
msg = messaging_client_init(tmp_ctx, lpcfg_messaging_path(tmp_ctx, lp_ctx),
ldb_get_event_context(ldb));