authorStefan Metzmacher <metze@samba.org>2018-02-01 11:10:14 +0100
committerStefan Metzmacher <metze@samba.org>2018-03-01 00:42:26 +0100
commitb524562f329b5ee45c5916e5354a48db3b5a0ea6 (patch)
tree0834898c05aff86b961201a7345e1f4f07804b70 /source4/kdc
parent896a530398d13c894d331719f2bd50862b162f8d (diff)
s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 274209f5cd4eec2ffe4ffe12bfbb41eb8ed0c9df)
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/db-glue.c29
1 files changed, 19 insertions, 10 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 69c54b00c5b..5ca2c067585 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -57,14 +57,17 @@ enum trust_direction {
};
static const char *trust_attrs[] = {
+ "securityIdentifier",
+ "flatName",
"trustPartner",
+ "trustAttributes",
+ "trustDirection",
+ "trustType",
+ "msDS-TrustForestTrustInfo",
"trustAuthIncoming",
"trustAuthOutgoing",
"whenCreated",
"msDS-SupportedEncryptionTypes",
- "trustAttributes",
- "trustDirection",
- "trustType",
NULL
};
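Review bot: `trust_attrs` now has to stay in sync with whatever dsdb_trust_parse_tdo_info() reads from the message, but nothing at the array says so. The added entries (`securityIdentifier`, `flatName`, `msDS-TrustForestTrustInfo`) are presumably there for that helper, which this commit starts calling in samba_kdc_trust_message2entry(). If one of them is dropped in a later cleanup, trust lookups would likely start failing at parse time rather than at the search. A comment above the array would document the coupling: `/* must cover every attribute read by dsdb_trust_parse_tdo_info() */`.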
@@ -1167,7 +1170,6 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
{
struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
const char *our_realm = lpcfg_realm(lp_ctx);
- const char *dnsdomain = NULL;
char *partner_realm = NULL;
const char *realm = NULL;
const char *krbtgt_realm = NULL;
@@ -1183,7 +1185,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
uint32_t previous_kvno;
uint32_t num_keys = 0;
enum ndr_err_code ndr_err;
- int ret, trust_direction_flags;
+ int ret;
unsigned int i;
struct AuthenticationInformationArray *auth_array;
struct timeval tv;
@@ -1191,6 +1193,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
uint32_t *auth_kvno;
bool preferr_current = false;
uint32_t supported_enctypes = ENC_RC4_HMAC_MD5;
+ struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+ NTSTATUS status;
if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
supported_enctypes = ldb_msg_find_attr_as_uint(msg,
@@ -1198,20 +1202,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
supported_enctypes);
}
- trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0);
- if (!(trust_direction_flags & direction)) {
+ status = dsdb_trust_parse_tdo_info(mem_ctx, msg, &tdo);
+ if (!NT_STATUS_IS_OK(status)) {
+ krb5_clear_error_message(context);
+ ret = ENOMEM;
+ goto out;
+ }
+
+ if (!(tdo->trust_direction & direction)) {
krb5_clear_error_message(context);
ret = SDB_ERR_NOENTRY;
goto out;
}
- dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL);
- if (dnsdomain == NULL) {
+ if (tdo->domain_name.string == NULL) {
krb5_clear_error_message(context);
ret = SDB_ERR_NOENTRY;
goto out;
}
- partner_realm = strupper_talloc(mem_ctx, dnsdomain);
+ partner_realm = strupper_talloc(mem_ctx, tdo->domain_name.string);
if (partner_realm == NULL) {
krb5_clear_error_message(context);
ret = ENOMEM;
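Review bot: Every failure of dsdb_trust_parse_tdo_info() is reported as ENOMEM in the new `if (!NT_STATUS_IS_OK(status))` branch, and the NTSTATUS is dropped without being logged. If the helper can fail for reasons other than allocation (for instance a trust object with a missing or malformed attribute; its body is not visible here), the KDC would report out-of-memory for what is really a bad directory entry, whereas the old code returned SDB_ERR_NOENTRY when trustDirection was absent. Consider keeping ENOMEM only for the allocation case, `ret = NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY) ? ENOMEM : EINVAL;`, and logging the cause first, e.g. `DEBUG(1, ("dsdb_trust_parse_tdo_info() failed: %s\n", nt_errstr(status)));`. samba_kdc_trust_message2entry() begins and ends outside this hunk, so the cleanup at `out:` cannot be checked from here.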