[SCM] Samba Shared Repository - branch master updated

[Nadezhda Ivanova]

The branch, master has been updated
       via  3b0d6fd s4-rodc: RODC should not accept requests for role transfer
      from  cc28860 s4-provision: simplify our generated krb5.conf

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Tue Sep 28 19:35:56 2010 -0700

    s4-rodc: RODC should not accept requests for role transfer
    
    A RODC cannot assume a role, and unwillingToPerform must be
    returned if such request is sent via LDAP

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/rootdse.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 4f0b11b..6c2a1e6 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1059,7 +1059,19 @@ static int rootdse_become_master(struct ldb_module *module,
 	struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
 	NTSTATUS status_call;
 	WERROR status_fn;
+	bool am_rodc;
 	struct dcerpc_binding_handle *irpc_handle;
+	int ret;
+
+	ret = samdb_rodc(ldb, &am_rodc);
+	if (ret != LDB_SUCCESS) {
+		return ldb_error(ldb, ret, "Could not determine if server is RODC.");
+	}
+
+	if (am_rodc) {
+		return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,
+				 "RODC cannot become a role master.");
+	}
 
 	msg = messaging_client_init(tmp_ctx, lpcfg_messaging_path(tmp_ctx, lp_ctx),
 				    ldb_get_event_context(ldb));


-- 
Samba Shared Repository