summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/kdc/hdb-ldb.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 95c60e2c78..ef3a0bcb8a 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -45,6 +45,7 @@
#include "dsdb/samdb/samdb.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/lsa.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
#include "events/events.h"
@@ -56,9 +57,9 @@ enum hdb_ldb_ent_type
HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_TRUST, HDB_LDB_ENT_TYPE_ANY };
enum trust_direction {
- INBOUND,
- OUTBOUND,
- UNKNOWN
+ UNKNOWN = 0,
+ INBOUND = LSA_TRUST_DIRECTION_INBOUND,
+ OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND
};
static const char *realm_ref_attrs[] = {
@@ -751,6 +752,11 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db,
password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing");
}
+ if (!password_val || !(trust_direction_flags & direction)) {
+ ret = ENOENT;
+ goto out;
+ }
+
ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob,
(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
generated by cgit (git 2.34.1) at 2025-10-31 20:35:11 +0000