From: Stefan Metzmacher Date: Wed, 12 Feb 2025 16:09:05 +0000 (+0100) Subject: winbindd: make use of lsaR[G|S]etForestTrustInformation2 to allow SCANNER_INFO X-Git-Tag: tevent-0.17.0~686 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69f528a9ceac901c6e43b95b5d782e4b2d0d615c;p=thirdparty%2Fsamba.git winbindd: make use of lsaR[G|S]etForestTrustInformation2 to allow SCANNER_INFO Note that we don't need to handle a fallback to old servers, because we only talk to ourself here. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index ca6db268cb8..6c8074956c6 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -1432,15 +1432,15 @@ static WERROR _winbind_LogonControl_TC_VERIFY(struct pipes_struct *p, } if (trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) { - struct lsa_ForestTrustInformation *old_fti = NULL; + struct lsa_ForestTrustInformation2 *old_fti = NULL; - status = dcerpc_lsa_lsaRQueryForestTrustInformation(local_lsa, frame, + status = dcerpc_lsa_lsaRQueryForestTrustInformation2(local_lsa, frame, &local_lsa_policy, &trusted_domain_name, - LSA_FOREST_TRUST_DOMAIN_INFO, + LSA_FOREST_TRUST_SCANNER_INFO, &old_fti, &result); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("%s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) failed %s\n", + DEBUG(0,("%s:%s: local_lsa.lsaRQueryForestTrustInformation2(%s) failed %s\n", __location__, __func__, domain->name, nt_errstr(status))); TALLOC_FREE(frame); return WERR_INTERNAL_ERROR; 
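Review bot: The reason no fallback to the older call is needed is stated only in the commit message, not next to the `dcerpc_lsa_lsaRQueryForestTrustInformation2()` call added in this hunk. If `local_lsa` ever stops being a binding to this server's own LSA pipe, a peer without the newer call would presumably end up in the `DEBUG(0, ...)` / `WERR_INTERNAL_ERROR` path with no hint as to why. I would add a comment above the call such as `/* local_lsa is our own LSA server, so the ...Information2 calls are always available; no fallback needed */`. The same applies to the Set call in the @@ -1547 hunk and to the calls in the @@ -1962 and @@ -2026 hunks. The enclosing function starts and ends outside this hunk.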
@@ -1522,8 +1522,7 @@ reconnect: if (new_fti != NULL) { struct lsa_ForestTrustInformation2 old_fti = {}; struct lsa_ForestTrustInformation2 *new_fti2 = NULL; - struct lsa_ForestTrustInformation2 *merged_fti2 = NULL; - struct lsa_ForestTrustInformation *merged_fti = NULL; + struct lsa_ForestTrustInformation2 *merged_fti = NULL; struct lsa_ForestTrustCollisionInfo *collision_info = NULL; status = trust_forest_info_lsa_1to2(frame, @@ -1538,7 +1537,7 @@ reconnect: local_tdo, &old_fti, new_fti2, - &merged_fti2); + &merged_fti); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("%s:%s: dsdb_trust_merge_forest_info(%s) failed %s\n", __location__, __func__, @@ -1547,18 +1546,10 @@ reconnect: return ntstatus_to_werror(status); } - status = trust_forest_info_lsa_2to1(frame, - merged_fti2, - &merged_fti); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return ntstatus_to_werror(status); - } - - status = dcerpc_lsa_lsaRSetForestTrustInformation(local_lsa, frame, + status = dcerpc_lsa_lsaRSetForestTrustInformation2(local_lsa, frame, &local_lsa_policy, &trusted_domain_name_l, - LSA_FOREST_TRUST_DOMAIN_INFO, + LSA_FOREST_TRUST_SCANNER_INFO, merged_fti, 0, /* check_only=0 => store it! */ &collision_info, 
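Review bot: In the declarations of the @@ -1522 hunk, `merged_fti` is now a `struct lsa_ForestTrustInformation2 *` while `new_fti2` keeps the `2` suffix for the same type, so the suffix no longer tells a reader which structure version a variable holds. `new_fti` appears to remain the version-1 struct, judging by the `trust_forest_info_lsa_1to2()` call, and mixing the two up is easy in code that decides which forest trust records get stored. Either keep the suffix (`merged_fti2`) or add a comment at the declarations, e.g. `/* old_fti and merged_fti are v2 structs; only new_fti is v1 */`. The same naming mix appears in the declarations of the @@ -1832 hunk, where `old_fti` and `merged_fti` become v2 next to `new_fti2`. The enclosing block continues outside the hunk.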
@@ -1832,13 +1823,11 @@ WERROR _winbind_GetForestTrustInformation(struct pipes_struct *p, struct lsa_StringLarge trusted_domain_name_l = {}; union lsa_TrustedDomainInfo *tdi = NULL; const struct lsa_TrustDomainInfoInfoEx *tdo = NULL; - struct lsa_ForestTrustInformation _old_fti = {}; - struct lsa_ForestTrustInformation *old_fti = NULL; + struct lsa_ForestTrustInformation2 _old_fti = {}; + struct lsa_ForestTrustInformation2 *old_fti = NULL; struct lsa_ForestTrustInformation *new_fti = NULL; - struct lsa_ForestTrustInformation *merged_fti = NULL; - struct lsa_ForestTrustInformation2 *old_fti2 = NULL; struct lsa_ForestTrustInformation2 *new_fti2 = NULL; - struct lsa_ForestTrustInformation2 *merged_fti2 = NULL; + struct lsa_ForestTrustInformation2 *merged_fti = NULL; struct lsa_ForestTrustCollisionInfo *collision_info = NULL; bool update_fti = false; struct rpc_pipe_client *local_lsa_pipe; @@ -1962,13 +1951,13 @@ reconnect: update_fti = true; } - status = dcerpc_lsa_lsaRQueryForestTrustInformation(local_lsa, frame, + status = dcerpc_lsa_lsaRQueryForestTrustInformation2(local_lsa, frame, &local_lsa_policy, &trusted_domain_name, - LSA_FOREST_TRUST_DOMAIN_INFO, + LSA_FOREST_TRUST_SCANNER_INFO, &old_fti, &result); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("%s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) failed %s\n", + DEBUG(0,("%s:%s: local_lsa.lsaRQueryForestTrustInformation2(%s) failed %s\n", __location__, __func__, domain->name, nt_errstr(status))); TALLOC_FREE(frame); return WERR_INTERNAL_ERROR; @@ -1999,13 +1988,6 @@ reconnect: goto done; } - status = trust_forest_info_lsa_1to2(frame, - old_fti, - &old_fti2); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return ntstatus_to_werror(status); - } status = trust_forest_info_lsa_1to2(frame, new_fti, &new_fti2); 
@@ -2016,9 +1998,9 @@ reconnect: status = dsdb_trust_merge_forest_info(frame, tdo, - old_fti2, + old_fti, new_fti2, - &merged_fti2); + &merged_fti); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("%s:%s: dsdb_trust_merge_forest_info(%s) failed %s\n", __location__, __func__, domain->name, nt_errstr(status))); @@ -2026,18 +2008,10 @@ reconnect: return ntstatus_to_werror(status); } - status = trust_forest_info_lsa_2to1(frame, - merged_fti2, - &merged_fti); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return ntstatus_to_werror(status); - } - - status = dcerpc_lsa_lsaRSetForestTrustInformation(local_lsa, frame, + status = dcerpc_lsa_lsaRSetForestTrustInformation2(local_lsa, frame, &local_lsa_policy, &trusted_domain_name_l, - LSA_FOREST_TRUST_DOMAIN_INFO, + LSA_FOREST_TRUST_SCANNER_INFO, merged_fti, 0, /* check_only=0 => store it! */ &collision_info,