From: Stefan Metzmacher Date: Wed, 12 Feb 2025 15:26:06 +0000 (+0100) Subject: s4:dsdb/util_trusts: convert most functions from lsa_ForestTrustInformation to lsa_Fo... X-Git-Tag: tevent-0.17.0~698 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0f025c87cbe4b6de4f606a82248530827dc7d6b;p=thirdparty%2Fsamba.git s4:dsdb/util_trusts: convert most functions from lsa_ForestTrustInformation to lsa_ForestTrustInformation2 We use trust_forest_info_lsa_{1to2,2to1}() where needed. This will make it possible to support FOREST_TRUST_BINARY_DATA and FOREST_TRUST_SCANNER_INFO later. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/libcli/lsarpc/util_lsarpc.c b/libcli/lsarpc/util_lsarpc.c index e823b6c1cc9..8a813b605c1 100644 --- a/libcli/lsarpc/util_lsarpc.c +++ b/libcli/lsarpc/util_lsarpc.c @@ -874,7 +874,7 @@ NTSTATUS trust_forest_info_lsa_2to1(TALLOC_CTX *mem_ctx, } static int trust_forest_info_tln_match_internal( - const struct lsa_ForestTrustInformation *info, + const struct lsa_ForestTrustInformation2 *info, enum lsa_ForestTrustRecordType type, uint32_t disable_mask, const char *tln) @@ -882,7 +882,7 @@ static int trust_forest_info_tln_match_internal( uint32_t i; for (i = 0; i < info->count; i++) { - struct lsa_ForestTrustRecord *e = info->entries[i]; + struct lsa_ForestTrustRecord2 *e = info->entries[i]; struct lsa_StringLarge *t = NULL; int cmp; @@ -925,7 +925,7 @@ static int trust_forest_info_tln_match_internal( } bool trust_forest_info_tln_match( - const struct lsa_ForestTrustInformation *info, + const struct lsa_ForestTrustInformation2 *info, const char *tln) { int m; @@ -942,7 +942,7 @@ bool trust_forest_info_tln_match( } bool trust_forest_info_tln_ex_match( - const struct lsa_ForestTrustInformation *info, + const struct lsa_ForestTrustInformation2 *info, const char *tln) { int m; diff --git a/libcli/lsarpc/util_lsarpc.h b/libcli/lsarpc/util_lsarpc.h index b894f9ab23f..152fa52e389 100644 
--- a/libcli/lsarpc/util_lsarpc.h +++ b/libcli/lsarpc/util_lsarpc.h @@ -60,9 +60,9 @@ NTSTATUS trust_forest_info_lsa_2to1(TALLOC_CTX *mem_ctx, struct lsa_ForestTrustInformation **_lfti); bool trust_forest_info_tln_match( - const struct lsa_ForestTrustInformation *info, + const struct lsa_ForestTrustInformation2 *info, const char *tln); bool trust_forest_info_tln_ex_match( - const struct lsa_ForestTrustInformation *info, + const struct lsa_ForestTrustInformation2 *info, const char *tln); #endif /* _LIBCLI_AUTH_UTIL_LSARPC_H_ */ diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 2572588f6d1..ca6db268cb8 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -39,6 +39,7 @@ #include "rpc_client/util_netlogon.h" #include "libsmb/dsgetdcname.h" #include "lib/global_contexts.h" +#include "libcli/lsarpc/util_lsarpc.h" NTSTATUS _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r) { @@ -1519,13 +1520,25 @@ reconnect: } if (new_fti != NULL) { - struct lsa_ForestTrustInformation old_fti = {}; + struct lsa_ForestTrustInformation2 old_fti = {}; + struct lsa_ForestTrustInformation2 *new_fti2 = NULL; + struct lsa_ForestTrustInformation2 *merged_fti2 = NULL; struct lsa_ForestTrustInformation *merged_fti = NULL; struct lsa_ForestTrustCollisionInfo *collision_info = NULL; - status = dsdb_trust_merge_forest_info(frame, local_tdo, - &old_fti, new_fti, - &merged_fti); + status = trust_forest_info_lsa_1to2(frame, + new_fti, + &new_fti2); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return ntstatus_to_werror(status); + } + + status = dsdb_trust_merge_forest_info(frame, + local_tdo, + &old_fti, + new_fti2, + &merged_fti2); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("%s:%s: dsdb_trust_merge_forest_info(%s) failed %s\n", __location__, __func__, 
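Review bot: The new failure branch after `trust_forest_info_lsa_1to2()` returns without logging anything, while the `dsdb_trust_merge_forest_info()` failure just below it logs at DEBUG(0) with location and function. A failed conversion of the trusted forest's records would therefore leave no trace in the winbindd log. I would add a message in the same style before `TALLOC_FREE(frame)`, e.g. `DEBUG(0,("%s:%s: trust_forest_info_lsa_1to2() failed %s\n", __location__, __func__, nt_errstr(status)));`. The same applies to the `trust_forest_info_lsa_2to1()` branch in the next hunk and to the three conversion branches added in `_winbind_GetForestTrustInformation`. The enclosing function starts and ends outside this hunk.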
@@ -1534,6 +1547,14 @@ reconnect: return ntstatus_to_werror(status); } + status = trust_forest_info_lsa_2to1(frame, + merged_fti2, + &merged_fti); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return ntstatus_to_werror(status); + } + status = dcerpc_lsa_lsaRSetForestTrustInformation(local_lsa, frame, &local_lsa_policy, &trusted_domain_name_l, @@ -1815,6 +1836,9 @@ WERROR _winbind_GetForestTrustInformation(struct pipes_struct *p, struct lsa_ForestTrustInformation *old_fti = NULL; struct lsa_ForestTrustInformation *new_fti = NULL; struct lsa_ForestTrustInformation *merged_fti = NULL; + struct lsa_ForestTrustInformation2 *old_fti2 = NULL; + struct lsa_ForestTrustInformation2 *new_fti2 = NULL; + struct lsa_ForestTrustInformation2 *merged_fti2 = NULL; struct lsa_ForestTrustCollisionInfo *collision_info = NULL; bool update_fti = false; struct rpc_pipe_client *local_lsa_pipe; @@ -1975,8 +1999,26 @@ reconnect: goto done; } - status = dsdb_trust_merge_forest_info(frame, tdo, old_fti, new_fti, - &merged_fti); + status = trust_forest_info_lsa_1to2(frame, + old_fti, + &old_fti2); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return ntstatus_to_werror(status); + } + status = trust_forest_info_lsa_1to2(frame, + new_fti, + &new_fti2); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return ntstatus_to_werror(status); + } + + status = dsdb_trust_merge_forest_info(frame, + tdo, + old_fti2, + new_fti2, + &merged_fti2); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("%s:%s: dsdb_trust_merge_forest_info(%s) failed %s\n", __location__, __func__, domain->name, nt_errstr(status))); @@ -1984,6 +2026,14 @@ reconnect: return ntstatus_to_werror(status); } + status = trust_forest_info_lsa_2to1(frame, + merged_fti2, + &merged_fti); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return ntstatus_to_werror(status); + } + status = dcerpc_lsa_lsaRSetForestTrustInformation(local_lsa, frame, &local_lsa_policy, &trusted_domain_name_l, 
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c index 0d1a8d63874..ed821f1bc4e 100644 --- a/source4/dsdb/common/util_trusts.c +++ b/source4/dsdb/common/util_trusts.c @@ -39,12 +39,11 @@ #undef strcasecmp - -static NTSTATUS dsdb_trust_forest_info_add_record(struct lsa_ForestTrustInformation *fti, - const struct lsa_ForestTrustRecord *ftr) +static NTSTATUS dsdb_trust_forest_info_add_record(struct lsa_ForestTrustInformation2 *fti, + const struct lsa_ForestTrustRecord2 *ftr) { - struct lsa_ForestTrustRecord **es = NULL; - struct lsa_ForestTrustRecord *e = NULL; + struct lsa_ForestTrustRecord2 **es = NULL; + struct lsa_ForestTrustRecord2 *e = NULL; const struct lsa_StringLarge *dns1 = NULL; struct lsa_StringLarge *dns2 = NULL; const struct lsa_ForestTrustDomainInfo *d1 = NULL; @@ -52,14 +51,14 @@ static NTSTATUS dsdb_trust_forest_info_add_record(struct lsa_ForestTrustInformat size_t len = 0; es = talloc_realloc(fti, fti->entries, - struct lsa_ForestTrustRecord *, + struct lsa_ForestTrustRecord2 *, fti->count + 1); if (!es) { return NT_STATUS_NO_MEMORY; } fti->entries = es; - e = talloc_zero(es, struct lsa_ForestTrustRecord); + e = talloc_zero(es, struct lsa_ForestTrustRecord2); if (e == NULL) { return NT_STATUS_NO_MEMORY; } @@ -459,10 +458,10 @@ static int dsdb_trust_xref_sort_vals(struct ldb_val *v1, NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, - struct lsa_ForestTrustInformation **_info) + struct lsa_ForestTrustInformation2 **_info) { TALLOC_CTX *frame = talloc_stackframe(); - struct lsa_ForestTrustInformation *info = NULL; + struct lsa_ForestTrustInformation2 *info = NULL; struct ldb_dn *partitions_dn = NULL; const char * const cross_attrs1[] = { "uPNSuffixes", 
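Review bot: `dsdb_trust_forest_info_add_record()` now takes `lsa_ForestTrustRecord2`, but nothing visible documents which record types it is prepared to copy. The locals (`dns1`, `d1`) suggest only top-level-name and domain-info records are handled, though the per-type handling is outside these hunks. Since the commit message announces later support for FOREST_TRUST_BINARY_DATA and FOREST_TRUST_SCANNER_INFO, a short comment above the function would help, e.g. `/* Handles TOP_LEVEL_NAME, TOP_LEVEL_NAME_EX and DOMAIN_INFO records only; any other type must be rejected. */`. It is also worth confirming that the code further down rejects every other type now that the v2 record can carry more of them.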
@@ -488,7 +487,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, bool restart = false; *_info = NULL; - info = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation); + info = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation2); if (info == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; @@ -557,7 +556,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, struct dom_sid sid = { .num_auths = 0, }; - struct lsa_ForestTrustRecord e = { + struct lsa_ForestTrustRecord2 e = { .flags = 0, }; struct lsa_ForestTrustDomainInfo *d = NULL; @@ -594,7 +593,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, /* * First the TOP_LEVEL_NAME, if required */ - e = (struct lsa_ForestTrustRecord) { + e = (struct lsa_ForestTrustRecord2) { .flags = 0, .type = LSA_FOREST_TRUST_TOP_LEVEL_NAME, .time = 0, /* so far always 0 in traces. */ @@ -613,7 +612,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, /* * Then the DOMAIN_INFO */ - e = (struct lsa_ForestTrustRecord) { + e = (struct lsa_ForestTrustRecord2) { .flags = 0, .type = LSA_FOREST_TRUST_DOMAIN_INFO, .time = 0, /* so far always 0 in traces. */ @@ -633,7 +632,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, for (i=0; (tln_el != NULL) && i < tln_el->num_values; i++) { const struct ldb_val *v = &tln_el->values[i]; const char *dns = (const char *)v->data; - struct lsa_ForestTrustRecord e = { + struct lsa_ForestTrustRecord2 e = { .flags = 0, }; struct lsa_StringLarge *t = NULL; @@ -653,7 +652,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, /* * an additional the TOP_LEVEL_NAME */ - e = (struct lsa_ForestTrustRecord) { + e = (struct lsa_ForestTrustRecord2) { .flags = 0, .type = LSA_FOREST_TRUST_TOP_LEVEL_NAME, .time = 0, /* so far always 0 in traces. */ 
@@ -669,7 +668,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, } for (i=0; i < info->count; restart ? i=0 : i++) { - struct lsa_ForestTrustRecord *tr = info->entries[i]; + struct lsa_ForestTrustRecord2 *tr = info->entries[i]; const struct lsa_StringLarge *ts = NULL; uint32_t c; @@ -682,7 +681,7 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx, ts = &tr->forest_trust_data.top_level_name; for (c = i + 1; c < info->count; c++) { - struct lsa_ForestTrustRecord *cr = info->entries[c]; + struct lsa_ForestTrustRecord2 *cr = info->entries[c]; const struct lsa_StringLarge *cs = NULL; uint32_t j; int cmp; @@ -863,16 +862,16 @@ NTSTATUS dsdb_trust_default_forest_info(TALLOC_CTX *mem_ctx, } NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, - const struct lsa_ForestTrustInformation *gfti, - struct lsa_ForestTrustInformation **_nfti) + const struct lsa_ForestTrustInformation2 *gfti, + struct lsa_ForestTrustInformation2 **_nfti) { TALLOC_CTX *frame = talloc_stackframe(); - struct lsa_ForestTrustInformation *nfti; + struct lsa_ForestTrustInformation2 *nfti; uint32_t n; *_nfti = NULL; - nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation); + nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation2); if (nfti == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; @@ -888,8 +887,8 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, * provide the correct index for collision records. */ for (n = 0; n < gfti->count; n++) { - const struct lsa_ForestTrustRecord *gftr = gfti->entries[n]; - struct lsa_ForestTrustRecord *nftr = NULL; + const struct lsa_ForestTrustRecord2 *gftr = gfti->entries[n]; + struct lsa_ForestTrustRecord2 *nftr = NULL; struct lsa_ForestTrustDomainInfo *ninfo = NULL; struct lsa_StringLarge *ntln = NULL; struct lsa_StringLarge *nnb = NULL; 
@@ -971,7 +970,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, } for (c = 0; c < n; c++) { - const struct lsa_ForestTrustRecord *cftr = nfti->entries[c]; + const struct lsa_ForestTrustRecord2 *cftr = nfti->entries[c]; const struct lsa_ForestTrustDomainInfo *cinfo = NULL; const struct lsa_StringLarge *ctln = NULL; const struct lsa_StringLarge *cnb = NULL; @@ -1038,7 +1037,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, * Now we check that only true top level names are provided */ for (n = 0; n < nfti->count; n++) { - const struct lsa_ForestTrustRecord *nftr = nfti->entries[n]; + const struct lsa_ForestTrustRecord2 *nftr = nfti->entries[n]; const struct lsa_StringLarge *ntln = NULL; uint32_t c; @@ -1053,7 +1052,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, ntln = &nftr->forest_trust_data.top_level_name; for (c = 0; c < nfti->count; c++) { - const struct lsa_ForestTrustRecord *cftr = nfti->entries[c]; + const struct lsa_ForestTrustRecord2 *cftr = nfti->entries[c]; const struct lsa_StringLarge *ctln = NULL; int cmp; @@ -1085,7 +1084,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, * Now we check that only true sub level excludes are provided */ for (n = 0; n < nfti->count; n++) { - const struct lsa_ForestTrustRecord *nftr = nfti->entries[n]; + const struct lsa_ForestTrustRecord2 *nftr = nfti->entries[n]; const struct lsa_StringLarge *ntln = NULL; uint32_t c; bool found_tln = false; @@ -1101,7 +1100,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, ntln = &nftr->forest_trust_data.top_level_name; for (c = 0; c < nfti->count; c++) { - const struct lsa_ForestTrustRecord *cftr = nfti->entries[c]; + const struct lsa_ForestTrustRecord2 *cftr = nfti->entries[c]; const struct lsa_StringLarge *ctln = NULL; int cmp; 
@@ -1138,7 +1137,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, * Now we check that there's a top level name for each domain */ for (n = 0; n < nfti->count; n++) { - const struct lsa_ForestTrustRecord *nftr = nfti->entries[n]; + const struct lsa_ForestTrustRecord2 *nftr = nfti->entries[n]; const struct lsa_ForestTrustDomainInfo *ninfo = NULL; const struct lsa_StringLarge *ntln = NULL; uint32_t c; @@ -1156,7 +1155,7 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, ntln = &ninfo->dns_domain_name; for (c = 0; c < nfti->count; c++) { - const struct lsa_ForestTrustRecord *cftr = nfti->entries[c]; + const struct lsa_ForestTrustRecord2 *cftr = nfti->entries[c]; const struct lsa_StringLarge *ctln = NULL; int cmp; @@ -1199,18 +1198,18 @@ NTSTATUS dsdb_trust_normalize_forest_info_step1(TALLOC_CTX *mem_ctx, } NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx, - const struct lsa_ForestTrustInformation *gfti, - struct lsa_ForestTrustInformation **_nfti) + const struct lsa_ForestTrustInformation2 *gfti, + struct lsa_ForestTrustInformation2 **_nfti) { TALLOC_CTX *frame = talloc_stackframe(); struct timeval tv = timeval_current(); NTTIME now = timeval_to_nttime(&tv); - struct lsa_ForestTrustInformation *nfti; + struct lsa_ForestTrustInformation2 *nfti; uint32_t g; *_nfti = NULL; - nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation); + nfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation2); if (nfti == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; @@ -1225,8 +1224,8 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx, */ for (g = 0; g < gfti->count; g++) { - const struct lsa_ForestTrustRecord *gftr = gfti->entries[gfti->count - (g+1)]; - struct lsa_ForestTrustRecord tftr; + const struct lsa_ForestTrustRecord2 *gftr = gfti->entries[gfti->count - (g+1)]; + struct lsa_ForestTrustRecord2 tftr; bool skip = false; NTSTATUS status; 
@@ -1266,8 +1265,8 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx, } for (g = 0; g < gfti->count; g++) { - const struct lsa_ForestTrustRecord *gftr = gfti->entries[gfti->count - (g+1)]; - struct lsa_ForestTrustRecord tftr; + const struct lsa_ForestTrustRecord2 *gftr = gfti->entries[gfti->count - (g+1)]; + struct lsa_ForestTrustRecord2 tftr; bool skip = false; NTSTATUS status; @@ -1345,15 +1344,15 @@ static NTSTATUS dsdb_trust_add_collision( } NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *ref_tdo, - const struct lsa_ForestTrustInformation *ref_fti, + const struct lsa_ForestTrustInformation2 *ref_fti, enum lsa_ForestTrustCollisionRecordType collision_type, struct lsa_ForestTrustCollisionInfo *c_info, - struct lsa_ForestTrustInformation *new_fti) + struct lsa_ForestTrustInformation2 *new_fti) { uint32_t n; for (n = 0; n < new_fti->count; n++) { - struct lsa_ForestTrustRecord *nftr = new_fti->entries[n]; + struct lsa_ForestTrustRecord2 *nftr = new_fti->entries[n]; struct lsa_StringLarge *ntln = NULL; bool ntln_excluded = false; uint32_t flags = 0; @@ -1378,7 +1377,7 @@ NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *r /* check if this is already taken and not excluded */ for (r = 0; r < ref_fti->count; r++) { - const struct lsa_ForestTrustRecord *rftr = + const struct lsa_ForestTrustRecord2 *rftr = ref_fti->entries[r]; const struct lsa_StringLarge *rtln = NULL; int cmp; @@ -1454,7 +1453,7 @@ NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *r } for (n = 0; n < new_fti->count; n++) { - struct lsa_ForestTrustRecord *nftr = new_fti->entries[n]; + struct lsa_ForestTrustRecord2 *nftr = new_fti->entries[n]; struct lsa_ForestTrustDomainInfo *ninfo = NULL; struct lsa_StringLarge *ntln = NULL; struct lsa_StringLarge *nnb = NULL; 
@@ -1490,7 +1489,7 @@ NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *r /* check if this is already taken and not excluded */ for (r = 0; r < ref_fti->count; r++) { - const struct lsa_ForestTrustRecord *rftr = + const struct lsa_ForestTrustRecord2 *rftr = ref_fti->entries[r]; const struct lsa_ForestTrustDomainInfo *rinfo = NULL; const struct lsa_StringLarge *rtln = NULL; @@ -1624,19 +1623,19 @@ NTSTATUS dsdb_trust_verify_forest_info(const struct lsa_TrustDomainInfoInfoEx *r NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, const struct lsa_TrustDomainInfoInfoEx *tdo, - const struct lsa_ForestTrustInformation *ofti, - const struct lsa_ForestTrustInformation *nfti, - struct lsa_ForestTrustInformation **_mfti) + const struct lsa_ForestTrustInformation2 *ofti, + const struct lsa_ForestTrustInformation2 *nfti, + struct lsa_ForestTrustInformation2 **_mfti) { TALLOC_CTX *frame = talloc_stackframe(); - struct lsa_ForestTrustInformation *mfti = NULL; + struct lsa_ForestTrustInformation2 *mfti = NULL; uint32_t ni; uint32_t oi; NTSTATUS status; int cmp; *_mfti = NULL; - mfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation); + mfti = talloc_zero(mem_ctx, struct lsa_ForestTrustInformation2); if (mfti == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; @@ -1651,8 +1650,8 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, * may keep the flags and time values. */ for (ni = 0; ni < nfti->count; ni++) { - const struct lsa_ForestTrustRecord *nftr = nfti->entries[ni]; - struct lsa_ForestTrustRecord tftr = { + const struct lsa_ForestTrustRecord2 *nftr = nfti->entries[ni]; + struct lsa_ForestTrustRecord2 tftr = { .flags = 0, }; const char *ndns = NULL; @@ -1685,7 +1684,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, } for (mi = 0; mi < mfti->count; mi++) { - const struct lsa_ForestTrustRecord *mftr = + const struct lsa_ForestTrustRecord2 *mftr = mfti->entries[mi]; const char *mdns = NULL; 
@@ -1718,7 +1717,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, tftr = *nftr; for (oi = 0; oi < ofti->count; oi++) { - const struct lsa_ForestTrustRecord *oftr = + const struct lsa_ForestTrustRecord2 *oftr = ofti->entries[oi]; const char *odns = NULL; @@ -1768,8 +1767,8 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, * and may keep the flags and time values. */ for (ni = 0; ni < nfti->count; ni++) { - const struct lsa_ForestTrustRecord *nftr = nfti->entries[ni]; - struct lsa_ForestTrustRecord tftr = { + const struct lsa_ForestTrustRecord2 *nftr = nfti->entries[ni]; + struct lsa_ForestTrustRecord2 tftr = { .flags = 0, }; const struct lsa_ForestTrustDomainInfo *nd = NULL; @@ -1805,7 +1804,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, } for (mi = 0; mi < mfti->count; mi++) { - const struct lsa_ForestTrustRecord *mftr = + const struct lsa_ForestTrustRecord2 *mftr = mfti->entries[mi]; const struct lsa_ForestTrustDomainInfo *md = NULL; @@ -1836,7 +1835,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, tftr = *nftr; for (oi = 0; oi < ofti->count; oi++) { - const struct lsa_ForestTrustRecord *oftr = + const struct lsa_ForestTrustRecord2 *oftr = ofti->entries[oi]; const struct lsa_ForestTrustDomainInfo *od = NULL; const char *onbt = NULL; @@ -1888,7 +1887,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, * if not already in the list. */ for (oi = 0; oi < ofti->count; oi++) { - const struct lsa_ForestTrustRecord *oftr = + const struct lsa_ForestTrustRecord2 *oftr = ofti->entries[oi]; const struct lsa_ForestTrustDomainInfo *od = NULL; const char *odns = NULL; @@ -1936,7 +1935,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, } for (mi = 0; mi < mfti->count; mi++) { - const struct lsa_ForestTrustRecord *mftr = + const struct lsa_ForestTrustRecord2 *mftr = mfti->entries[mi]; const struct lsa_ForestTrustDomainInfo *md = NULL; 
@@ -1973,7 +1972,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, * if they still match a top level name. */ for (oi = 0; oi < ofti->count; oi++) { - const struct lsa_ForestTrustRecord *oftr = + const struct lsa_ForestTrustRecord2 *oftr = ofti->entries[oi]; const char *odns = NULL; bool ignore_old = false; @@ -1999,7 +1998,7 @@ NTSTATUS dsdb_trust_merge_forest_info(TALLOC_CTX *mem_ctx, } for (mi = 0; mi < mfti->count; mi++) { - const struct lsa_ForestTrustRecord *mftr = + const struct lsa_ForestTrustRecord2 *mftr = mfti->entries[mi]; const char *mdns = NULL; @@ -2444,7 +2443,7 @@ struct dsdb_trust_routing_domain { struct lsa_ForestTrustDomainInfo di; - struct lsa_ForestTrustInformation *fti; + struct lsa_ForestTrustInformation2 *fti; }; NTSTATUS dsdb_trust_routing_table_load(struct ldb_context *sam_ctx, @@ -2582,7 +2581,7 @@ NTSTATUS dsdb_trust_routing_table_load(struct ldb_context *sam_ctx, continue; } - status = trust_forest_info_to_lsa(d, fti, &d->fti); + status = trust_forest_info_to_lsa2(d, fti, &d->fti); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; @@ -2743,7 +2742,7 @@ const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_routing_by_name( } for (i = 0; i < d->fti->count; i++ ) { - const struct lsa_ForestTrustRecord *f = d->fti->entries[i]; + const struct lsa_ForestTrustRecord2 *f = d->fti->entries[i]; const struct lsa_ForestTrustDomainInfo *di = NULL; const char *fti_nbt = NULL; int cmp; @@ -2785,8 +2784,8 @@ const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_routing_by_name( } for (i = 0; i < d->fti->count; i++ ) { - const struct lsa_ForestTrustRecord *f = d->fti->entries[i]; - const union lsa_ForestTrustData *u = NULL; + const struct lsa_ForestTrustRecord2 *f = d->fti->entries[i]; + const union lsa_ForestTrustData2 *u = NULL; const char *fti_tln = NULL; int cmp; 
@@ -2888,7 +2887,7 @@ const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_domain_by_sid( } for (i = 0; i < d->fti->count; i++ ) { - const struct lsa_ForestTrustRecord *f = d->fti->entries[i]; + const struct lsa_ForestTrustRecord2 *f = d->fti->entries[i]; const struct lsa_ForestTrustDomainInfo *di = NULL; const struct dom_sid *fti_sid = NULL; bool match = false; @@ -2998,7 +2997,7 @@ const struct lsa_TrustDomainInfoInfoEx *dsdb_trust_domain_by_name( } for (i = 0; i < d->fti->count; i++ ) { - const struct lsa_ForestTrustRecord *f = d->fti->entries[i]; + const struct lsa_ForestTrustRecord2 *f = d->fti->entries[i]; const struct lsa_ForestTrustDomainInfo *di = NULL; bool match = false; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index c83aa913e2a..42cd1af434a 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -4662,7 +4662,7 @@ static NTSTATUS dcesrv_lsa_SetFTI( struct lsa_policy_state *p_state, const char *trusted_domain_name, enum lsa_ForestTrustRecordType highest_record_type, - const struct lsa_ForestTrustInformation *forest_trust_info, + const struct lsa_ForestTrustInformation2 *forest_trust_info, uint8_t check_only, struct lsa_ForestTrustCollisionInfo **_c_info) { 
@@ -4678,13 +4678,13 @@ static NTSTATUS dcesrv_lsa_SetFTI( }; struct ldb_message *trust_tdo_msg = NULL; struct lsa_TrustDomainInfoInfoEx *trust_tdo = NULL; - struct lsa_ForestTrustInformation *step1_lfti = NULL; - struct lsa_ForestTrustInformation *step2_lfti = NULL; + struct lsa_ForestTrustInformation2 *step1_lfti = NULL; + struct lsa_ForestTrustInformation2 *step2_lfti = NULL; struct ForestTrustInfo *trust_fti = NULL; struct ldb_result *trusts_res = NULL; unsigned int i; struct lsa_TrustDomainInfoInfoEx *xref_tdo = NULL; - struct lsa_ForestTrustInformation *xref_lfti = NULL; + struct lsa_ForestTrustInformation2 *xref_lfti = NULL; struct lsa_ForestTrustCollisionInfo *c_info = NULL; DATA_BLOB ft_blob = {}; struct ldb_message *msg = NULL; @@ -4811,7 +4811,7 @@ static NTSTATUS dcesrv_lsa_SetFTI( for (i = 0; i < trusts_res->count; i++) { struct lsa_TrustDomainInfoInfoEx *tdo = NULL; struct ForestTrustInfo *fti = NULL; - struct lsa_ForestTrustInformation *lfti = NULL; + struct lsa_ForestTrustInformation2 *lfti = NULL; status = dsdb_trust_parse_tdo_info(mem_ctx, trusts_res->msgs[i], @@ -4830,7 +4830,7 @@ static NTSTATUS dcesrv_lsa_SetFTI( goto done; } - status = trust_forest_info_to_lsa(tdo, fti, &lfti); + status = trust_forest_info_to_lsa2(tdo, fti, &lfti); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -4867,7 +4867,7 @@ static NTSTATUS dcesrv_lsa_SetFTI( goto done; } - status = trust_forest_info_from_lsa(mem_ctx, step2_lfti, &trust_fti); + status = trust_forest_info_from_lsa2(mem_ctx, step2_lfti, &trust_fti); if (!NT_STATUS_IS_OK(status)) { goto done; } 
@@ -4941,18 +4941,26 @@ static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation(struct dcesrv_call_stat struct dcesrv_handle *h = NULL; struct lsa_policy_state *p_state = NULL; struct lsa_ForestTrustCollisionInfo *c_info = NULL; + struct lsa_ForestTrustInformation2 *in_lfti2 = NULL; NTSTATUS status; DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); p_state = talloc_get_type_abort(h->data, struct lsa_policy_state); + status = trust_forest_info_lsa_1to2(mem_ctx, + r->in.forest_trust_info, + &in_lfti2); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + status = dcesrv_lsa_SetFTI(dce_call, mem_ctx, p_state, r->in.trusted_domain_name->string, r->in.highest_record_type, - r->in.forest_trust_info, + in_lfti2, r->in.check_only, &c_info); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 9d7fc4ac0da..26002c0f457 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -47,6 +47,7 @@ #include "lib/socket/netif.h" #include "lib/util/util_str_escape.h" #include "lib/param/loadparm.h" +#include "libcli/lsarpc/util_lsarpc.h" #define DCESRV_INTERFACE_NETLOGON_BIND(context, iface) \ dcesrv_interface_netlogon_bind(context, iface) @@ -4522,13 +4523,20 @@ static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state } if (r->in.trusted_domain_name == NULL) { + struct lsa_ForestTrustInformation2 *lfti2 = NULL; NTSTATUS status; /* * information about our own domain */ - status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx, - r->out.forest_trust_info); + status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx, &lfti2); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + status = trust_forest_info_lsa_2to1(r->out.forest_trust_info, + lfti2, + r->out.forest_trust_info); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); } 
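Review bot: The up-conversion of `r->in.forest_trust_info` in `dcesrv_lsa_lsaRSetForestTrustInformation` has no comment, although it is the point where client-supplied v1 records enter the v2 code path. A one-line comment above the call would make that explicit, e.g. `/* The request carries v1 records; dcesrv_lsa_SetFTI() works on the v2 form. */`. `in_lfti2` is allocated on `mem_ctx`, the same context that is passed to `dcesrv_lsa_SetFTI()`. Any checking of the converted records presumably happens inside `dcesrv_lsa_SetFTI()`, whose body is not part of this hunk.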
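Review bot: In `dcesrv_netr_DsRGetForestTrustInformation` the call to `trust_forest_info_lsa_2to1()` passes `r->out.forest_trust_info` in the `TALLOC_CTX *mem_ctx` slot, whereas the lsa and winbindd call sites in this commit pass `mem_ctx` or `frame` there. The converted result is therefore parented to the out pointer rather than to `mem_ctx`, which is where the old `dsdb_trust_xref_forest_info()` call allocated it. That only works if the out pointer is itself a talloc allocation, which this hunk does not show. Unless that parenting is intended, `status = trust_forest_info_lsa_2to1(mem_ctx, lfti2, r->out.forest_trust_info);` keeps the previous lifetime; if it is intended, a comment saying so would help. The same call is added in `dcesrv_netr_GetForestTrustInformation` in the -4660 hunk.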
@@ -4614,6 +4622,7 @@ static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state * struct ldb_context *sam_ctx = NULL; struct ldb_dn *domain_dn = NULL; struct ldb_dn *forest_dn = NULL; + struct lsa_ForestTrustInformation2 *lfti2 = NULL; int cmp; int forest_level; NTSTATUS status; @@ -4660,8 +4669,17 @@ static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state * return NT_STATUS_INVALID_DOMAIN_STATE; } - status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx, - r->out.forest_trust_info); + /* + * information about our own domain + */ + status = dsdb_trust_xref_forest_info(mem_ctx, sam_ctx, &lfti2); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = trust_forest_info_lsa_2to1(r->out.forest_trust_info, + lfti2, + r->out.forest_trust_info); if (!NT_STATUS_IS_OK(status)) { return status; }