From: Ralph Boehme
Date: Wed, 13 Dec 2017 07:53:16 +0000 (+0100)
Subject: winbindd: add more trust types to get_trust_type_string
X-Git-Tag: samba-4.8.0rc1~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9fb36370a57904770e1c9ca96279a1854481d3f3;p=thirdparty%2Fsamba.git
winbindd: add more trust types to get_trust_type_string
Add support for the following trust types: "Local", "Workstation", "RWDC", "RODC"´and "Routed (via ...)". Where we previously returned "None" this now returns "Routed (via ...)", otherwise (hopefully) no change in behaviour.
Signed-off-by: Ralph Boehme
---
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index d2741cb6b6f..964190e7c62 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -27,35 +27,133 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
-/* Constants and helper functions for determining domain trust types */
+static char *get_trust_type_string(TALLOC_CTX *mem_ctx,
+ struct winbindd_tdc_domain *tdc,
+ struct winbindd_domain *domain)
+{
+ enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
+ char *s = NULL;
-enum trust_type {
- EXTERNAL = 0,
- FOREST,
- IN_FOREST,
- NONE,
-};
+ if (domain != NULL) {
+ secure_channel_type = domain->secure_channel_type;
+ }
-const char *trust_type_strings[] = {"External",
- "Forest",
- "In Forest",
- "None"};
+ switch (secure_channel_type) {
+ case SEC_CHAN_NULL: {
+ if (domain == NULL) {
+ DBG_ERR("Missing domain [%s]\n",
+ tdc->domain_name);
+ return NULL;
+ }
+ if (domain->routing_domain == NULL) {
+ DBG_ERR("Missing routing for domain [%s]\n",
+ tdc->domain_name);
+ return NULL;
+ }
+ s = talloc_asprintf(mem_ctx, "Routed (via %s)",
+ domain->routing_domain->name);
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
-static enum trust_type get_trust_type(struct winbindd_tdc_domain *domain)
-{
- if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
- return EXTERNAL;
- else if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
- return FOREST;
- else if (((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) == NETR_TRUST_FLAG_IN_FOREST) &&
- ((domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) == 0x0))
- return IN_FOREST;
- return NONE;
-}
+ case SEC_CHAN_LOCAL:
+ s = talloc_strdup(mem_ctx, "Local");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
-static const char *get_trust_type_string(struct winbindd_tdc_domain *domain)
-{
- return trust_type_strings[get_trust_type(domain)];
+ case SEC_CHAN_WKSTA:
+ s = talloc_strdup(mem_ctx, "Workstation");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+
+ case SEC_CHAN_BDC: {
+ int role = lp_server_role();
+
+ if (role == ROLE_DOMAIN_PDC) {
+ s = talloc_strdup(mem_ctx, "PDC");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+
+ if (role == ROLE_DOMAIN_BDC) {
+ s = talloc_strdup(mem_ctx, "BDC");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+
+ s = talloc_strdup(mem_ctx, "RWDC");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+
+ case SEC_CHAN_RODC:
+ s = talloc_strdup(mem_ctx, "RODC");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+
+ case SEC_CHAN_DNS_DOMAIN:
+ if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
+ s = talloc_strdup(mem_ctx, "External");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+ if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
+ s = talloc_strdup(mem_ctx, "In Forest");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+ if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) {
+ s = talloc_strdup(mem_ctx, "External");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+ if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+ s = talloc_strdup(mem_ctx, "Forest");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+ }
+ s = talloc_strdup(mem_ctx, "External");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+
+ case SEC_CHAN_DOMAIN:
+ s = talloc_strdup(mem_ctx, "External");
+ if (s == NULL) {
+ return NULL;
+ }
+ break;
+
+ default:
+ DBG_ERR("Unhandled secure_channel_type %d for domain[%s]\n",
+ secure_channel_type, tdc->domain_name);
+ return NULL;
+ }
+
+ return s;
 }
 static bool trust_is_inbound(struct winbindd_tdc_domain *domain)
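Review bot: In `case SEC_CHAN_NULL`, the `domain == NULL` branch returns NULL for any cache entry the caller could not match to a `winbindd_domain`, whereas the removed `get_trust_type()` classified every entry from the tdc fields alone. Together with the caller's `continue` in the second hunk, such a trust now disappears from the listing instead of appearing with a type, which goes beyond the "None" to "Routed (via ...)" change the description mentions. A missing row is harder to notice than an unclassified one when auditing trust relationships from this output, so if such entries can occur (not visible here) consider classifying them from `tdc->trust_attribs` the way the `SEC_CHAN_DNS_DOMAIN` case does. The function also lacks a contract comment; I would add `/* Returns a talloc'ed label on mem_ctx (caller frees); NULL on allocation failure or when the domain cannot be classified. */` above it, since only the second kind of NULL is logged.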
@@ -131,23 +229,32 @@ void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
 struct winbindd_domain *domain;
 bool is_online = true;
 struct winbindd_tdc_domain *d = NULL;
+ char *trust_type = NULL;
 d = &dom_list[i];
 domain = find_domain_from_name_noinit(d->domain_name);
 if (domain) {
 is_online = domain->online;
 }
+
+ trust_type = get_trust_type_string(talloc_tos(), d, domain);
+ if (trust_type == NULL) {
+ continue;
+ }
+
 extra_data = talloc_asprintf_append_buffer( extra_data, "%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s\n", d->domain_name, d->dns_name ? d->dns_name : "", sid_string_talloc(state->mem_ctx, &d->sid),
- get_trust_type_string(d),
+ trust_type,
 trust_is_transitive(d) ? "Yes" : "No", trust_is_inbound(d) ? "Yes" : "No", trust_is_outbound(d) ? "Yes" : "No", is_online ? "Online" : "Offline" );
+
+ TALLOC_FREE(trust_type);
 }
 state->response->data.num_entries = num_domains;
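Review bot: The new `continue` drops a domain from `extra_data`, but `state->response->data.num_entries = num_domains;` after the loop still reports the full count, so (assuming `num_domains` is the loop bound, which the hunk does not show) the count and the payload disagree whenever `get_trust_type_string()` returns NULL. That NULL also covers a failed `talloc_strdup`, which is skipped here without any log line, so an out-of-memory condition yields a shorter trust list rather than an error. Counting the rows actually appended, with `num_emitted++;` after the append and `state->response->data.num_entries = num_emitted;` at the end, would keep the two consistent. The counter would have to be declared outside this hunk, because the function body starts and ends beyond it.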