mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ipaserver/dcerpc.py: Avoid hitting issue with transitive trusts on Windows Server prior to 2012
http://msdn.microsoft.com/en-us/library/2a769a08-e023-459f-aebe-4fb3f595c0b7#id83 Reviewed-By: Sumit Bose <sbose@redhat.com>
This commit is contained in:
parent
23e0bc411e
commit
1fd3a23884
@ -901,7 +901,7 @@ class TrustDomainInstance(object):
|
|||||||
info.sid = security.dom_sid(another_domain.info['sid'])
|
info.sid = security.dom_sid(another_domain.info['sid'])
|
||||||
info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND
|
info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND
|
||||||
info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
|
info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
|
||||||
info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
|
info.trust_attributes = 0
|
||||||
|
|
||||||
try:
|
try:
|
||||||
dname = lsa.String()
|
dname = lsa.String()
|
||||||
@ -918,8 +918,6 @@ class TrustDomainInstance(object):
|
|||||||
except RuntimeError, (num, message):
|
except RuntimeError, (num, message):
|
||||||
raise assess_dcerpc_exception(num=num, message=message)
|
raise assess_dcerpc_exception(num=num, message=message)
|
||||||
|
|
||||||
self.update_ftinfo(another_domain)
|
|
||||||
|
|
||||||
# We should use proper trustdom handle in order to modify the
|
# We should use proper trustdom handle in order to modify the
|
||||||
# trust settings. Samba insists this has to be done with LSA
|
# trust settings. Samba insists this has to be done with LSA
|
||||||
# OpenTrustedDomain* calls, it is not enough to have a handle
|
# OpenTrustedDomain* calls, it is not enough to have a handle
|
||||||
@ -938,6 +936,15 @@ class TrustDomainInstance(object):
|
|||||||
# server as that one doesn't support AES encryption types
|
# server as that one doesn't support AES encryption types
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
|
||||||
|
self._pipe.SetInformationTrustedDomain(trustdom_handle, lsa.LSA_TRUSTED_DOMAIN_INFO_INFO_EX, info)
|
||||||
|
except RuntimeError, e:
|
||||||
|
root_logger.error('unable to set trust to transitive: %s' % (str(e)))
|
||||||
|
pass
|
||||||
|
if self.info['is_pdc']:
|
||||||
|
self.update_ftinfo(another_domain)
|
||||||
|
|
||||||
def verify_trust(self, another_domain):
|
def verify_trust(self, another_domain):
|
||||||
def retrieve_netlogon_info_2(domain, function_code, data):
|
def retrieve_netlogon_info_2(domain, function_code, data):
|
||||||
try:
|
try:
|
||||||
|
Loading…
Reference in New Issue
Block a user