From 77a1ed4531ae17a9553c84ba5171cc6f9510adb0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Dec 2024 12:30:56 +0100
Subject: [PATCH] drsblobs.idl: add support for ForestTrustInfo with
 FOREST_TRUST_SCANNER_INFO

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
---
 librpc/idl/drsblobs.idl             | 16 +++++++++-------
 source3/rpc_server/lsa/srv_lsa_nt.c | 14 ++++++++++++--
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/librpc/idl/drsblobs.idl b/librpc/idl/drsblobs.idl
index 002c04f7903..12e457544c4 100644
--- a/librpc/idl/drsblobs.idl
+++ b/librpc/idl/drsblobs.idl
@@ -597,6 +597,15 @@ interface drsblobs {
 
 	/* MS-ADTS 7.1.6.9.3 msDS-TrustForestTrustInfo Attribute */
 
+	/* same as lsa_ForestTrustRecordType, but only 8 bit */
+	typedef [enum8bit] enum {
+		FOREST_TRUST_TOP_LEVEL_NAME = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+		FOREST_TRUST_TOP_LEVEL_NAME_EX = LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX,
+		FOREST_TRUST_DOMAIN_INFO = LSA_FOREST_TRUST_DOMAIN_INFO,
+		FOREST_TRUST_BINARY_DATA = LSA_FOREST_TRUST_BINARY_DATA,
+		FOREST_TRUST_SCANNER_INFO = LSA_FOREST_TRUST_SCANNER_INFO
+	} ForestTrustInfoRecordType;
+
 	typedef struct {
 		[value(strlen_m(string))] uint32 size;
 		[charset(UTF8)] uint8 string[size];
@@ -621,13 +630,6 @@ interface drsblobs {
 		[default] ForestTrustDataBinaryData data;
 	} ForestTrustData;
 
-	/* same as lsa_ForestTrustRecordType, but only 8 bit */
-	typedef [enum8bit] enum {
-		FOREST_TRUST_TOP_LEVEL_NAME = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
-		FOREST_TRUST_TOP_LEVEL_NAME_EX = LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX,
-		FOREST_TRUST_DOMAIN_INFO = LSA_FOREST_TRUST_DOMAIN_INFO
-	} ForestTrustInfoRecordType;
-
 	/* meaning of flags depends on record type and values are
 	   the same as in lsa.idl, see collision record types */
 	typedef [public,gensize,flag(NDR_NOALIGN)] struct {
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 992cf93875e..6d4d861fad9 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -4493,7 +4493,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 		exclusion = false;
 
 		switch (nrec->type) {
-		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+		case FOREST_TRUST_TOP_LEVEL_NAME_EX:
 			/* exclusions do not conflict by definition */
 			break;
 
@@ -4501,11 +4501,21 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 			dns_name = nrec->data.name.string;
 			break;
 
-		case LSA_FOREST_TRUST_DOMAIN_INFO:
+		case FOREST_TRUST_DOMAIN_INFO:
 			dns_name = nrec->data.info.dns_name.string;
 			nb_name = nrec->data.info.netbios_name.string;
 			sid = &nrec->data.info.sid;
 			break;
+
+		case FOREST_TRUST_BINARY_DATA:
+			break;
+
+		case FOREST_TRUST_SCANNER_INFO:
+			/*
+			 * We don't have a scanner yet,
+			 * so we don't check this here
+			 */
+			break;
 		}
 
 		if (!dns_name) continue;
-- 
2.47.2