From 02b4fdd41dc1d82fc8b92949fabf128bb4c5da73 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 12 Feb 2025 16:48:05 +0100
Subject: [PATCH] s4:dsdb/common: let dsdb_trust_normalize_forest_info_step2() handle SCANNER and BINARY records

Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source4/dsdb/common/util_trusts.c | 93 +++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)

diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index d6ce2fe198a..9ed1ebe2125 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -1278,6 +1278,9 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx,
 * Now we add TOP_LEVEL_NAME[_EX] in reverse order
 * followed by LSA_FOREST_TRUST_DOMAIN_INFO in reverse order.
 *
+ * LSA_FOREST_TRUST_SCANNER_INFO and LSA_FOREST_TRUST_BINARY_DATA
+ * are added last.
+ *
 * This also removes the possible NULL entries generated in step1.
 */
 
@@ -1297,6 +1300,8 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx,
 break;
 
 case LSA_FOREST_TRUST_DOMAIN_INFO:
+ case LSA_FOREST_TRUST_BINARY_DATA:
+ case LSA_FOREST_TRUST_SCANNER_INFO:
 skip = true;
 break;
 
@@ -1335,6 +1340,8 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx,
 switch (gftr->type) {
 case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
 case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+ case LSA_FOREST_TRUST_BINARY_DATA:
+ case LSA_FOREST_TRUST_SCANNER_INFO:
 skip = true;
 break;
 
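Review bot: The comment lines added in the first hunk (-1278) say only that LSA_FOREST_TRUST_SCANNER_INFO and LSA_FOREST_TRUST_BINARY_DATA "are added last", which leaves out the ordering the new code actually produces. The loops added later in this patch index `gfti->entries[gfti->count - (g+1)]`, so each type is appended in reverse order, and every SCANNER record is appended before any BINARY record. Because this comment is the only description of the normalized record order, it should say so, for example `* LSA_FOREST_TRUST_SCANNER_INFO follows in reverse order,` and `* then LSA_FOREST_TRUST_BINARY_DATA in reverse order.` The comment block begins outside the hunk.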
@@ -1363,6 +1370,92 @@ NTSTATUS dsdb_trust_normalize_forest_info_step2(TALLOC_CTX *mem_ctx,
 }
 }
 
+ for (g = 0; g < gfti->count; g++) {
+ const struct lsa_ForestTrustRecord2 *gftr = gfti->entries[gfti->count - (g+1)];
+ struct lsa_ForestTrustRecord2 tftr;
+ bool skip = false;
+ NTSTATUS status;
+
+ if (gftr == NULL) {
+ continue;
+ }
+
+ switch (gftr->type) {
+ case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+ case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+ case LSA_FOREST_TRUST_DOMAIN_INFO:
+ case LSA_FOREST_TRUST_BINARY_DATA:
+ skip = true;
+ break;
+
+ case LSA_FOREST_TRUST_SCANNER_INFO:
+ break;
+
+ default:
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (skip) {
+ continue;
+ }
+
+ /* make a copy in order to update the time. */
+ tftr = *gftr;
+ if (tftr.time == 0) {
+ tftr.time = now;
+ }
+
+ status = dsdb_trust_forest_info_add_record(nfti, &tftr);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ }
+
+ for (g = 0; g < gfti->count; g++) {
+ const struct lsa_ForestTrustRecord2 *gftr = gfti->entries[gfti->count - (g+1)];
+ struct lsa_ForestTrustRecord2 tftr;
+ bool skip = false;
+ NTSTATUS status;
+
+ if (gftr == NULL) {
+ continue;
+ }
+
+ switch (gftr->type) {
+ case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+ case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+ case LSA_FOREST_TRUST_DOMAIN_INFO:
+ case LSA_FOREST_TRUST_SCANNER_INFO:
+ skip = true;
+ break;
+
+ case LSA_FOREST_TRUST_BINARY_DATA:
+ break;
+
+ default:
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (skip) {
+ continue;
+ }
+
+ /* make a copy in order to update the time. */
+ tftr = *gftr;
+ if (tftr.time == 0) {
+ tftr.time = now;
+ }
+
+ status = dsdb_trust_forest_info_add_record(nfti, &tftr);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ }
+
 *_nfti = talloc_move(mem_ctx, &nfti);
 TALLOC_FREE(frame);
 return NT_STATUS_OK;
--
2.47.2
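Review bot: Both added loops take a shallow copy with `tftr = *gftr` and pass it to dsdb_trust_forest_info_add_record(), which is not visible in this patch. SCANNER_INFO and BINARY_DATA records presumably carry pointers and a length in their union, so confirm that the helper accepts both types and duplicates the payload onto `nfti` instead of keeping pointers into `gfti`; `nfti` is handed to `mem_ctx` by talloc_move() while `frame` is freed. A comment above the copy would record that assumption, e.g. `/* shallow copy: add_record() must deep-copy the SCANNER/BINARY payload onto nfti */`. The two loops also differ only in which case label reaches the bare `break`, as do the earlier passes touched by the hunks at -1297 and -1335, so a static helper taking the wanted record type would leave a single switch to extend when another record type is introduced. The function body starts outside the hunk.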