s4:rpc_server/lsa: WITHIN_FOREST together with FOREST_TRANSITIVE is invalid

author Stefan Metzmacher <metze@samba.org>

Thu, 19 Dec 2024 18:34:59 +0000 (19:34 +0100)

committer Ralph Boehme <slow@samba.org>

Sat, 8 Feb 2025 15:26:38 +0000 (15:26 +0000)
author Stefan Metzmacher <metze@samba.org>
Thu, 19 Dec 2024 18:34:59 +0000 (19:34 +0100)
committer Ralph Boehme <slow@samba.org>
Sat, 8 Feb 2025 15:26:38 +0000 (15:26 +0000)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c

index 63ffec46c3067a2d0c57b3ba272caeb62ec22dcb..83661b068f0bf73f41d26ebf6a89deb1f8382a43 100644 (file)
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1178,6 +1178,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_precheck(
                 return NT_STATUS_INVALID_SID;
         }
  
+       if ((info->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) &&
+           (info->trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE))
+       {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
         if ((info->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) &&
             (info->trust_attributes & LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION))
         {
author	Stefan Metzmacher <metze@samba.org>
	Thu, 19 Dec 2024 18:34:59 +0000 (19:34 +0100)
committer	Ralph Boehme <slow@samba.org>
	Sat, 8 Feb 2025 15:26:38 +0000 (15:26 +0000)