struct ldb_message *msg,
struct ldb_message *msg_domain_ref,
const char *logon_workstation,
- const char *name_for_logs);
+ const char *name_for_logs,
+ bool allow_domain_trust);
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
struct ldb_message *msg,
struct ldb_message *msg_domain_ref,
const char *logon_workstation,
- const char *name_for_logs)
+ const char *name_for_logs,
+ bool allow_domain_trust)
{
uint16_t acct_flags;
const char *workstation_list;
return NT_STATUS_INVALID_LOGON_HOURS;
}
- if (acct_flags & ACB_DOMTRUST) {
- DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
- return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ if (!allow_domain_trust) {
+ if (acct_flags & ACB_DOMTRUST) {
+ DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
+ return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ }
}
-
if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) {
if (acct_flags & ACB_SVRTRUST) {
DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs));
}
}
+ /* we allow all kinds of trusts here */
nt_status = authsam_account_ok(tmp_ctx,
private->samdb,
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
private->msg,
private->realm_ref_msg,
workstation,
- name);
+ name, true);
free(name);
if (NT_STATUS_IS_OK(nt_status))