
s4-gmsa: Do not attempt password set on remote LDAP connections

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett 2024-03-05 16:18:34 +13:00 committed by Jo Sutton
parent 977f5753fc
commit e25c6a2120
2 changed files with 17 additions and 0 deletions


@ -1637,6 +1637,22 @@ int dsdb_update_gmsa_keys(struct ldb_context *ldb,
NTTIME current_time;
bool am_rodc = true;
/*
* This is non-zero if we are local to the sam.ldb, this is an
* opaque set by the samba_dsdb module
*/
void *samba_dsdb_opaque = ldb_get_opaque(
ldb, DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME);
if (samba_dsdb_opaque == NULL) {
/*
* We are not connected locally, so no point trying to
* set passwords
*/
*retry_out = false;
return LDB_SUCCESS;
}
{
/* Calculate the current time, as reckoned for gMSAs. */
bool ok = dsdb_gmsa_current_time(ldb, &current_time);
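Review bot: The early return under `if (samba_dsdb_opaque == NULL)` reports `LDB_SUCCESS` with `*retry_out = false`, so a caller cannot distinguish "keys were checked and are current" from "update skipped because this ldb is remote". Whether callers rely on that distinction is not visible here, since dsdb_update_gmsa_keys starts and ends outside the hunk, but the skip should at least be stated in the function's doc comment, e.g. `/* Returns LDB_SUCCESS without touching any keys when ldb is not a local sam.ldb. */`. Locality is also inferred from an opaque that samba_dsdb_init sets for the partition module (second file section), so a later change to that opaque would silently change whether password sets are attempted; wrapping the `ldb_get_opaque()` test in one named static helper would keep that trust decision in a single place.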


@ -452,6 +452,7 @@ static int samba_dsdb_init(struct ldb_module *module)
NULL, backend_modules);
CHECK_LDB_RET(ret);
/* This opaque is also used by the gMSA code to confirm that it has local DB access */
ret = ldb_set_opaque(ldb, DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME, partition_msg);
CHECK_LDB_RET(ret);