s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is cleared
authorStefan Metzmacher <metze@samba.org>
Mon, 5 Jan 2015 15:01:16 +0000 (16:01 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 6 Jan 2015 21:50:23 +0000 (22:50 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  6 22:50:23 CET 2015 on sn-devel-104

source4/rpc_server/lsa/dcesrv_lsa.c

index f3d30477e9bf42dab7f3971678a3753bbdb13be9..cc2048da076a458e640d69094196387993b372c2 100644 (file)
@@ -1366,7 +1366,10 @@ static NTSTATUS get_tdo(struct ldb_context *sam, TALLOC_CTX *mem_ctx,
                                "securityIdentifier", "trustDirection",
                                "trustType", "trustAttributes",
                                "trustPosixOffset",
-                               "msDs-supportedEncryptionTypes", NULL };
+                               "msDs-supportedEncryptionTypes",
+                               "msDS-TrustForestTrustInfo",
+                               NULL
+       };
        char *dns = NULL;
        char *nbn = NULL;
        char *sidstr = NULL;
@@ -1621,6 +1624,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
        bool add_incoming = false;
        bool del_outgoing = false;
        bool del_incoming = false;
+       bool del_forest_info = false;
        bool in_transaction = false;
        int ret;
        bool am_rodc;
@@ -1832,6 +1836,18 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
                                  (unsigned)info_ex->trust_attributes));
                        return NT_STATUS_INVALID_PARAMETER;
                }
+
+               if (!(info_ex->trust_attributes &
+                     LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE))
+               {
+                       struct ldb_message_element *orig_forest_el = NULL;
+
+                       orig_forest_el = ldb_msg_find_element(dom_msg,
+                                               "msDS-TrustForestTrustInfo");
+                       if (orig_forest_el != NULL) {
+                               del_forest_info = true;
+                       }
+               }
        }
 
        if (enc_types) {
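Review bot: The new `if (!(info_ex->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE))` block does not say why the stored forest trust information is dropped, and nothing is logged when it happens. Judging by the commit title, the intent is that the record only applies while the trust is forest transitive, so a comment such as `/* msDS-TrustForestTrustInfo only applies to forest transitive trusts; remove it so a stale record is not reused if the flag is set again later */` above the check would make that explicit. Because this removes trust data as a side effect of an attribute change, a debug message naming the affected trusted domain would help anyone reconstructing the change afterwards. The enclosing conditional opens outside this hunk, so the hunk does not show whether the check runs on every call with the flag clear or only when the attributes actually change.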
@@ -1872,6 +1888,13 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
                        }
                }
        }
+       if (del_forest_info) {
+               ret = ldb_msg_add_empty(msg, "msDS-TrustForestTrustInfo",
+                                       LDB_FLAG_MOD_REPLACE, NULL);
+               if (ret != LDB_SUCCESS) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
 
        /* start transaction */
        ret = ldb_transaction_start(p_state->sam_ldb);
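Review bot: The `if (del_forest_info)` modification is decided from `dom_msg`, which appears to have been read before the `ldb_transaction_start()` call at the end of this hunk. If so, a forest trust record written by another caller between that read and the transaction would survive the flag being cleared. An LDAP replace with no values is ignored when the attribute is absent, so the earlier hunk could set `del_forest_info = true;` whenever FOREST_TRANSITIVE is clear instead of calling `ldb_msg_find_element()` on the earlier snapshot. That assumes the ldb modules in the stack follow the same replace semantics, which is worth confirming with a test. The function body starts and ends outside the hunk.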