s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo()
We need to handle trusted domains differently than our primary domain. The most important part is that we don't return NETR_TRUST_FLAG_PRIMARY for them. NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relevant flags for trusts. This is an example of what Windows returns in a complex trust environment: netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo out: struct netr_LogonGetDomainInfo return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : f48b51ff12ff8c6c timestamp : Tue Aug 28 22:59:03 2018 CEST info : * info : union netr_DomainInfo(case 1) domain_info : * domain_info: struct netr_DomainInformation primary_domain: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' dns_forestname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' 
domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0000 (0) size : 0x0000 (0) info : NULL dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domain_count : 0x00000006 (6) trusted_domains : * trusted_domains: ARRAY(6) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'FREEIPA' dns_domainname: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'freeipa.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-429948374-2562621466-335716826 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: 
LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S1-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 's1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : afe7fbde-af82-46cf-88a2-2df6920fc33e domain_sid : * domain_sid : S-1-5-21-1368093395-3821428921-3924672915 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000004 (4) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct 
lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'BLA' dns_domainname: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'bla.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-4053568372-2049667917-3384589010 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000c 
(12) size : 0x000e (14) string : * string : 'S4XDOM' dns_domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 's4xdom.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-313966788-4060240134-2249344781 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL 
domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S2-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x004e (78) size : 0x0050 (80) string : * string : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 29daace6-cded-4ce3-a754-7482a4d9127c domain_sid : * domain_sid : S-1-5-21-167342819-981449877-2130266853 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct 
netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000001 (1) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000001 (1) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) lsa_policy: struct netr_LsaPolicyInformation policy_size : 0x00000000 (0) policy : NULL dns_hostname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 'torturetest.w2012r2-l4.base' dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL workstation_flags : 0x00000003 (3) 1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS 1: NETR_WS_FLAG_HANDLES_SPN_UPDATE supported_enc_types : 0x0000001f (31) 1: KERB_ENCTYPE_DES_CBC_CRC 1: KERB_ENCTYPE_DES_CBC_MD5 1: KERB_ENCTYPE_RC4_HMAC_MD5 1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0: KERB_ENCTYPE_FAST_SUPPORTED 0: 
KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED 0: KERB_ENCTYPE_CLAIMS_SUPPORTED 0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) result : NT_STATUS_OK Best viewed with: git show --histogram -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2099add0657126e4a5427ec2db0fe8025478b355)
parent
c6cfdf0db6
commit
7a3dbadb4b
@ -1 +0,0 @@
^samba4.rpc.netlogon.*netlogon.GetDomainInfo\(ad_dc\)
@ -2257,57 +2257,57 @@ static NTSTATUS fill_our_one_domain_info(TALLOC_CTX *mem_ctx,
}
/*
fill in a netr_OneDomainInfo from a ldb search result
fill in a netr_OneDomainInfo from a trust tdo
*/
static NTSTATUS fill_one_domain_info(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *sam_ctx,
struct ldb_message *res,
struct netr_OneDomainInfo *info,
bool is_local, bool is_trust_list)
static NTSTATUS fill_trust_one_domain_info(TALLOC_CTX *mem_ctx,
struct GUID domain_guid,
const struct lsa_TrustDomainInfoInfoEx *tdo,
struct netr_OneDomainInfo *info)
{
struct netr_trust_extension *tei = NULL;
ZERO_STRUCTP(info);
if (is_trust_list) {
/* w2k8 only fills this on trusted domains */
info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
info->trust_extension.length = 16;
info->trust_extension.info->flags =
NETR_TRUST_FLAG_TREEROOT |
NETR_TRUST_FLAG_IN_FOREST |
NETR_TRUST_FLAG_PRIMARY |
NETR_TRUST_FLAG_NATIVE;
info->trust_extension.info->parent_index = 0; /* should be index into array
of parent */
info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
info->trust_extension.info->trust_attributes = 0; /* TODO: base on ldb search? */
/* w2k8 only fills this on trusted domains */
tei = talloc_zero(mem_ctx, struct netr_trust_extension);
if (tei == NULL) {
return NT_STATUS_NO_MEMORY;
}
if (is_trust_list) {
/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
info->dns_forestname.string = NULL;
if (tdo->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
tei->flags |= NETR_TRUST_FLAG_INBOUND;
}
if (tdo->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
tei->flags |= NETR_TRUST_FLAG_OUTBOUND;
}
if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
tei->flags |= NETR_TRUST_FLAG_IN_FOREST;
}
/*
* TODO: once we support multiple domains within our forest,
* we need to fill this correct (or let the caller do it
* for all domains marked with NETR_TRUST_FLAG_IN_FOREST).
*/
tei->parent_index = 0;
tei->trust_type = tdo->trust_type;
tei->trust_attributes = tdo->trust_attributes;
info->trust_extension.info = tei;
info->trust_extension.length = 16;
info->domainname.string = tdo->netbios_name.string;
if (tdo->trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
info->dns_domainname.string = tdo->domain_name.string;
} else {
info->dns_forestname.string = samdb_forest_name(sam_ctx, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
info->dns_forestname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_forestname.string);
NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
info->dns_domainname.string = NULL;
}
info->domain_sid = tdo->sid;
info->domain_guid = domain_guid;
if (is_local) {
info->domainname.string = lpcfg_workgroup(lp_ctx);
info->dns_domainname.string = lpcfg_dnsdomain(lp_ctx);
info->domain_guid = samdb_result_guid(res, "objectGUID");
info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
} else {
info->domainname.string = ldb_msg_find_attr_as_string(res, "flatName", NULL);
info->dns_domainname.string = ldb_msg_find_attr_as_string(res, "trustPartner", NULL);
info->domain_guid = samdb_result_guid(res, "objectGUID");
info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
}
if (!is_trust_list) {
info->dns_domainname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_domainname.string);
}
/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
info->dns_forestname.string = NULL;
return NT_STATUS_OK;
}
@ -2323,21 +2323,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r)
{
struct netlogon_creds_CredentialState *creds;
const char * const attrs[] = { "objectSid", "objectGUID", "flatName",
"securityIdentifier", "trustPartner", NULL };
const char * const trusts_attrs[] = {
"securityIdentifier",
"flatName",
"trustPartner",
"trustAttributes",
"trustDirection",
"trustType",
NULL
};
const char * const attrs2[] = { "sAMAccountName", "dNSHostName",
"msDS-SupportedEncryptionTypes", NULL };
const char *sam_account_name, *old_dns_hostname, *prefix1, *prefix2;
struct ldb_context *sam_ctx;
const struct GUID *our_domain_guid = NULL;
struct lsa_TrustDomainInfoInfoEx *our_tdo = NULL;
struct ldb_message **res1, **res3, *new_msg;
struct ldb_message **res1, *new_msg;
struct ldb_result *trusts_res = NULL;
struct ldb_dn *workstation_dn;
struct netr_DomainInformation *domain_info;
struct netr_LsaPolicyInformation *lsa_policy_info;
uint32_t default_supported_enc_types = 0xFFFFFFFF;
bool update_dns_hostname = true;
int ret, ret3, i;
int ret, i;
NTSTATUS status;
status = dcesrv_netr_creds_server_step_check(dce_call,
@ -2559,10 +2567,13 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
return status;
}
ret3 = gendb_search(sam_ctx, mem_ctx, NULL, &res3, attrs,
"(objectClass=trustedDomain)");
if (ret3 == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
status = dsdb_trust_search_tdos(sam_ctx,
NULL, /* exclude */
trusts_attrs,
mem_ctx,
&trusts_res);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
domain_info = talloc(mem_ctx, struct netr_DomainInformation);
@ -2581,19 +2592,33 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
return status;
}
domain_info->trusted_domain_count = ret3 + 1;
domain_info->trusted_domain_count = trusts_res->count + 1;
domain_info->trusted_domains = talloc_zero_array(mem_ctx,
struct netr_OneDomainInfo,
domain_info->trusted_domain_count);
NT_STATUS_HAVE_NO_MEMORY(domain_info->trusted_domains);
for (i=0;i<ret3;i++) {
status = fill_one_domain_info(mem_ctx,
dce_call->conn->dce_ctx->lp_ctx,
sam_ctx, res3[i],
&domain_info->trusted_domains[i],
false, true);
NT_STATUS_NOT_OK_RETURN(status);
for (i=0; i < trusts_res->count; i++) {
struct netr_OneDomainInfo *o =
&domain_info->trusted_domains[i];
/* we can't know the guid of trusts outside our forest */
struct GUID trust_domain_guid = GUID_zero();
struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
status = dsdb_trust_parse_tdo_info(mem_ctx,
trusts_res->msgs[i],
&tdo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = fill_trust_one_domain_info(mem_ctx,
trust_domain_guid,
tdo,
o);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
status = fill_our_one_domain_info(mem_ctx,
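Review bot: In the new loop over `trusts_res->msgs`, `trust_domain_guid` is `GUID_zero()` for every tdo, including those for which `fill_trust_one_domain_info()` sets NETR_TRUST_FLAG_IN_FOREST, while the comment only justifies a zero GUID for trusts outside our forest. The Windows dump in the commit message reports non-zero `domain_guid` values for its in-forest entries, so a member that matches domains by GUID may see a difference once in-forest trusts exist. I would record the gap next to the existing parent_index TODO, e.g. `/* TODO: look up the real GUID for tdos with LSA_TRUST_ATTRIBUTE_WITHIN_FOREST; zero is only right outside our forest */`. Separately, `i` is still declared `int` while `trusts_res->count` is unsigned, so `i < trusts_res->count` is a signed/unsigned comparison. `dcesrv_netr_LogonGetDomainInfo()` starts and ends outside the visible hunks, so whether `i` can become `unsigned int` has to be checked against its other uses.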