2025-02-23 09:57:40 +03:00 · 2014-09-23 10:02:57 -07:00 · 2014-09-23 10:02:57 -07:00 · a3ecad4237
commit a3ecad4237
parent 1ac96a416d
13 changed files with 26 additions and 40 deletions
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@ -691,10 +691,11 @@ import "misc.idl", "security.idl";
 		LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
 	} lsa_TrustDirection;

-	typedef [v1_enum] enum {
+	typedef [public,v1_enum] enum {
 		LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001,
 		LSA_TRUST_TYPE_UPLEVEL    = 0x00000002,
-		LSA_TRUST_TYPE_MIT        = 0x00000003
+		LSA_TRUST_TYPE_MIT        = 0x00000003,
+		LSA_TRUST_TYPE_DCE	  = 0x00000004
 	} lsa_TrustType;

 	typedef [public,bitmap32bit] bitmap {
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@ -1502,30 +1502,13 @@ interface netlogon
 	/****************/
 	/* Function 0x24 */

-	typedef [v1_enum] enum {
-		NETR_TRUST_TYPE_DOWNLEVEL	= 1,
-		NETR_TRUST_TYPE_UPLEVEL		= 2,
-		NETR_TRUST_TYPE_MIT		= 3,
-		NETR_TRUST_TYPE_DCE		= 4
-	} netr_TrustType;
-
-	typedef [bitmap32bit] bitmap {
-		NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE	= 0x00000001,
-		NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY       = 0x00000002,
-		NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
-		NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x00000008,
-		NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
-		NETR_TRUST_ATTRIBUTE_WITHIN_FOREST      = 0x00000020,
-		NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL  = 0x00000040
-	} netr_TrustAttributes;
-
 	typedef struct {
 		[string,charset(UTF16)] uint16			*netbios_name;
 		[string,charset(UTF16)] uint16			*dns_name;
 		netr_TrustFlags		trust_flags;
 		uint32			parent_index;
-		netr_TrustType		trust_type;
-		netr_TrustAttributes	trust_attributes;
+		lsa_TrustType		trust_type;
+		lsa_TrustAttributes	trust_attributes;
 		dom_sid2		*sid;
 		GUID			guid;
 	} netr_DomainTrust;
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@ -672,7 +672,7 @@ bld.SAMBA_LIBRARY('dcerpc-binding',

 bld.SAMBA_SUBSYSTEM('NDR_WINBIND',
 	source='gen_ndr/ndr_winbind.c',
-	public_deps='ndr'
+	public_deps='ndr NDR_LSA'
 	)

 bld.SAMBA_SUBSYSTEM('RPC_NDR_WINBIND',
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@ -1513,7 +1513,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 		 */

 		if ((trust->trust_attributes
-		     == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
+		     == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
 		    !domain->primary )
 		{
 			DEBUG(10,("trusted_domains: Skipping external trusted "
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@ -2092,7 +2092,7 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 			domain->domain_type           = trusts.array[i].trust_type;
 			domain->domain_trust_attribs  = trusts.array[i].trust_attributes;

-			if ( domain->domain_type == NETR_TRUST_TYPE_UPLEVEL )
+			if ( domain->domain_type == LSA_TRUST_TYPE_UPLEVEL )
 				domain->active_directory = True;

 			/* This flag is only set if the domain is *our* 
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@ -43,9 +43,9 @@ const char *trust_type_strings[] = {"External",

 static enum trust_type get_trust_type(struct winbindd_tdc_domain *domain)
 {
-	if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)	
+	if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
 		return EXTERNAL;
-	else if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
+	else if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
 		return FOREST;
 	else if (((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) == NETR_TRUST_FLAG_IN_FOREST) &&
 	    ((domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) == 0x0))
@ -78,9 +78,9 @@ static bool trust_is_outbound(struct winbindd_tdc_domain *domain)

 static bool trust_is_transitive(struct winbindd_tdc_domain *domain)
 {
-	if ((domain->trust_attribs == NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE) ||         
-	    (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) ||
-	    (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL))
+	if ((domain->trust_attribs == LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) ||
+	    (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) ||
+	    (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL))
 		return False;
 	return True;
 }
--- a/source3/winbindd/winbindd_ndr.c
+++ b/source3/winbindd/winbindd_ndr.c
@ -21,6 +21,7 @@
 #include "winbindd.h"
 #include "../librpc/gen_ndr/ndr_netlogon.h"
 #include "../librpc/gen_ndr/ndr_security.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
 #include "../librpc/ndr/libndr.h"

 #undef DBGC_CLASS
@ -133,8 +134,8 @@ void ndr_print_winbindd_domain(struct ndr_print *ndr,
 	ndr_print_string(ndr, "forest_name", r->forest_name);
 	ndr_print_dom_sid(ndr, "sid", &r->sid);
 	ndr_print_netr_TrustFlags(ndr, "domain_flags", r->domain_flags);
-	ndr_print_netr_TrustType(ndr, "domain_type", r->domain_type);
-	ndr_print_netr_TrustAttributes(ndr, "domain_trust_attribs", r->domain_trust_attribs);
+	ndr_print_lsa_TrustType(ndr, "domain_type", r->domain_type);
+	ndr_print_lsa_TrustAttributes(ndr, "domain_trust_attribs", r->domain_trust_attribs);
 	ndr_print_bool(ndr, "initialized", r->initialized);
 	ndr_print_bool(ndr, "native_mode", r->native_mode);
 	ndr_print_bool(ndr, "active_directory", r->active_directory);
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@ -995,7 +995,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 #ifdef HAVE_KRB5
 		if ((state->request->flags & WBFLAG_PAM_KRB5) &&
 		    ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
-		    ((tdc_domain->trust_type & NETR_TRUST_TYPE_UPLEVEL) ||
+		    ((tdc_domain->trust_type & LSA_TRUST_TYPE_UPLEVEL) ||
 		    /* used to cope with the case winbindd starting without network. */
 		    !strequal(tdc_domain->domain_name, tdc_domain->dns_name))) {

--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@ -499,8 +499,8 @@ static void rescan_forest_trusts( void )
 			continue;

 		if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
-		     (type == NETR_TRUST_TYPE_UPLEVEL) &&
-		     (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
+		     (type == LSA_TRUST_TYPE_UPLEVEL) &&
+		     (attribs == LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
 		{
 			/* add the trusted domain if we don't know
 			   about it */
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@ -4375,7 +4375,7 @@ static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation(struct dcesrv_call_stat

 	trust_attributes = ldb_msg_find_attr_as_uint(dom_res[i],
 						     "trustAttributes", 0);
-	if (!(trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
+	if (!(trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}

--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@ -37,6 +37,7 @@
 #include "dsdb/samdb/ldb_modules/util.h"
 #include "lib/tsocket/tsocket.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
 #include "lib/socket/netif.h"

@ -2295,8 +2296,8 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
 				ldb_msg_find_attr_as_uint(dom_res[i],
 						  "trustAttributes", 0);

-		if ((trusts->array[n].trust_type == NETR_TRUST_TYPE_MIT) ||
-		    (trusts->array[n].trust_type == NETR_TRUST_TYPE_DCE)) {
+		if ((trusts->array[n].trust_type == LSA_TRUST_TYPE_MIT) ||
+		    (trusts->array[n].trust_type == LSA_TRUST_TYPE_DCE)) {
 			struct dom_sid zero_sid;
 			ZERO_STRUCT(zero_sid);
 			trusts->array[n].sid =
@ -2402,7 +2403,7 @@ static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce
 			NETR_TRUST_FLAG_PRIMARY;
 		/* we are always the root domain for now */
 		trusts->array[n].parent_index = 0;
-		trusts->array[n].trust_type = NETR_TRUST_TYPE_UPLEVEL;
+		trusts->array[n].trust_type = LSA_TRUST_TYPE_UPLEVEL;
 		trusts->array[n].trust_attributes = 0;
 		trusts->array[n].sid = samdb_result_dom_sid(mem_ctx,
 							    dom_res[0],
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@ -2101,7 +2101,7 @@ static bool test_query_each_TrustDomEx(struct dcerpc_binding_handle *b,

 	for (i=0; i< domains->count; i++) {

-		if (domains->domains[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+		if (domains->domains[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
 			ret &= test_QueryForestTrustInformation(b, tctx, handle,
 								domains->domains[i].domain_name.string);
 		}
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@ -2553,7 +2553,7 @@ static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,

 		/* get info for transitive forest trusts */

-		if (r.out.trusts->array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+		if (r.out.trusts->array[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
 			if (!test_netr_DsRGetForestTrustInformation(tctx, p,
 								    r.out.trusts->array[i].dns_name)) {
 				return false;