From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 15 Jan 2018 11:02:05 +0000 (+0100)
Subject: winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts
X-Git-Tag: tevent-0.9.36~171
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70bb9c27cf8c464d5af79acbe11a0d2d0e20f5a8;p=thirdparty%2Fsamba.git

winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b2622a0e92e..52a24efc531 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1428,6 +1428,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 	int netr_attempts = 0;
 	bool retry = false;
 	NTSTATUS result;
+	enum netr_LogonInfoClass logon_type_i;
+	enum netr_LogonInfoClass logon_type_n;
 	uint16_t validation_level = UINT16_MAX;
 	union netr_Validation *validation = NULL;
 
@@ -1488,6 +1490,29 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 			}
 			return result;
 		}
+
+		logon_type_i = NetlogonInteractiveInformation;
+		logon_type_n = NetlogonNetworkInformation;
+		if (domain->domain_trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+			logon_type_i = NetlogonInteractiveTransitiveInformation;
+			logon_type_n = NetlogonNetworkTransitiveInformation;
+		}
+
+		if (domain->domain_trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			logon_type_i = NetlogonInteractiveTransitiveInformation;
+			logon_type_n = NetlogonNetworkTransitiveInformation;
+		}
+
+		if (domain->domain_trust_attribs & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
+			logon_type_i = NetlogonInteractiveInformation;
+			logon_type_n = NetlogonNetworkInformation;
+		}
+
+		if (domain->domain_trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
+			logon_type_i = NetlogonInteractiveInformation;
+			logon_type_n = NetlogonNetworkInformation;
+		}
+
 		netr_attempts = 0;
 		if (domain->conn.netlogon_creds_ctx == NULL) {
 			DBG_NOTICE("No security credentials available for "
@@ -1503,7 +1528,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 				username,
 				password,
 				workstation,
-				NetlogonInteractiveInformation,
+				logon_type_i,
 				authoritative,
 				flags,
 				&validation_level,
@@ -1520,7 +1545,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 				chal,
 				lm_response,
 				nt_response,
-				NetlogonNetworkInformation,
+				logon_type_n,
 				authoritative,
 				flags,
 				&validation_level,