s3:netlogon: IPA DC is the PDC as well - allow ROLE_IPA_DC in _netr_DsRGetForestTrust...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1dbafcc4e4ff8f39af5ca737b30e9821413dd1f2)

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 896e4e60d5aaf4abf06877ea86a136308aae19f7..c3759a558ca7d20a96a1ad94dcb8eff97b6a8e1e 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -2655,7 +2655,10 @@ WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
                return WERR_INVALID_FLAGS;
        }
 
-       if ((r->in.flags & DS_GFTI_UPDATE_TDO) && (lp_server_role() != ROLE_DOMAIN_PDC)) {
+       if ((r->in.flags & DS_GFTI_UPDATE_TDO) &&
+           (lp_server_role() != ROLE_DOMAIN_PDC) &&
+           (lp_server_role() != ROLE_IPA_DC))
+       {
                p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
                return WERR_NERR_NOTPRIMARY;
        }