From: Andreas Schneider <asn@samba.org>
Date: Thu, 31 Aug 2023 16:08:56 +0000 (+0200)
Subject: s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c
X-Git-Tag: talloc-2.4.2~591
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05a006fab946ec9dad820c2910bb9782c7fcd380;p=thirdparty%2Fsamba.git

s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index ee6b1b91bd1..7b136e04f52 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2186,6 +2186,12 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
 	struct policy_handle pol;
 	union dssetup_DsRoleInfo info;
 	union lsa_PolicyInformation *lsa_info = NULL;
+	union lsa_revision_info out_revision_info = {
+		.info1 = {
+			.revision = 0,
+		},
+	};
+	uint32_t out_version = 0;
 
 	if (!domain->internal && !connection_ok(domain)) {
 		return;
@@ -2274,10 +2280,17 @@ no_dssetup:
 		return;
 	}
 
-	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
-					 SEC_FLAG_MAXIMUM_ALLOWED, &pol);
+	status = dcerpc_lsa_open_policy_fallback(cli->binding_handle,
+						 mem_ctx,
+						 cli->srv_name_slash,
+						 true,
+						 SEC_FLAG_MAXIMUM_ALLOWED,
+						 &out_version,
+						 &out_revision_info,
+						 &pol,
+						 &result);
 
-	if (NT_STATUS_IS_OK(status)) {
+	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
 		/* This particular query is exactly what Win2k clients use
 		   to determine that the DC is active directory */
 		status = dcerpc_lsa_QueryInfoPolicy2(cli->binding_handle, mem_ctx,
@@ -2287,6 +2300,10 @@ no_dssetup:
 						     &result);
 	}
 
+	/*
+	 * If the status and result will not be OK we will fallback to
+	 * OpenPolicy.
+	 */
 	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
 		domain->active_directory = True;