mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4-gmsa: Do not attempt password set on remote LDAP connections
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This commit is contained in:
parent
977f5753fc
commit
e25c6a2120
@ -1637,6 +1637,22 @@ int dsdb_update_gmsa_keys(struct ldb_context *ldb,
|
||||
NTTIME current_time;
|
||||
bool am_rodc = true;
|
||||
|
||||
/*
|
||||
* This is non-zero if we are local to the sam.ldb, this is an
|
||||
* opaque set by the samba_dsdb module
|
||||
*/
|
||||
void *samba_dsdb_opaque = ldb_get_opaque(
|
||||
ldb, DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME);
|
||||
|
||||
if (samba_dsdb_opaque == NULL) {
|
||||
/*
|
||||
* We are not connected locally, so no point trying to
|
||||
* set passwords
|
||||
*/
|
||||
*retry_out = false;
|
||||
return LDB_SUCCESS;
|
||||
}
|
||||
|
||||
{
|
||||
/* Calculate the current time, as reckoned for gMSAs. */
|
||||
bool ok = dsdb_gmsa_current_time(ldb, ¤t_time);
|
||||
|
@ -452,6 +452,7 @@ static int samba_dsdb_init(struct ldb_module *module)
|
||||
NULL, backend_modules);
|
||||
CHECK_LDB_RET(ret);
|
||||
|
||||
/* This opaque is also used by the gMSA code to confirm that it has local DB access */
|
||||
ret = ldb_set_opaque(ldb, DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME, partition_msg);
|
||||
CHECK_LDB_RET(ret);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user