mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fc readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considered to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar  2 17:53:14 CET 2017 on sn-devel-144
Stefan Metzmacher 2017-03-02 08:13:57 +01:00 committed by Ralph Boehme
parent ed42d6e81f
commit f9aaddcdd8
2 changed files with 30 additions and 0 deletions


@ -1133,6 +1133,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
}
TALLOC_FREE(parent);
/*
* We need to pass the modified properties
* to the caller.
*/
trust->trust_flags = d.domain_flags;
trust->trust_type = d.domain_type;
trust->trust_attributes = d.domain_trust_attribs;
wcache_tdc_add_domain( &d );
ret_count++;
}
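Review bot: The comment added above `trust->trust_flags = d.domain_flags;` says the properties were modified but not where or why the caller needs them, which matters because these flags later decide whether a domain is treated as part of our forest. I would expand it to something like `/* d.* may differ from what the DC returned (presumably overridden from the cached parent entry above); copy it back so the caller sees the same view that is stored in the trusted domain cache. */`. The enclosing loop body starts outside the hunk, so I cannot tell whether other paths that call `wcache_tdc_add_domain()` need the same write-back; it is worth confirming that none of them leaves the DC-reported flags in the returned array.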


@ -342,6 +342,20 @@ static void trustdom_list_done(struct tevent_req *req)
char *p;
struct winbindd_tdc_domain trust_params = {0};
ptrdiff_t extra_len;
bool within_forest = false;
/*
* Only when we enumerate our primary domain
* or our forest root domain, we should keep
* the NETR_TRUST_FLAG_IN_FOREST flag, in
* all other cases we need to clear it as the domain
* is not part of our forest.
*/
if (state->domain->primary) {
within_forest = true;
} else if (domain_is_forest_root(state->domain)) {
within_forest = true;
}
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
@ -427,6 +441,14 @@ static void trustdom_list_done(struct tevent_req *req)
trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
if (!within_forest) {
trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
}
if (!state->domain->primary) {
trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
}
/*
* We always call add_trusted_domain() cause on an existing
* domain structure, it will update the SID if necessary.