return NT_STATUS_OK;
}
+bool set_routing_domain(struct winbindd_domain *domain,
+ const struct winbindd_domain *routing_domain)
+{
+ if (domain->routing_domain == NULL) {
+ domain->routing_domain = routing_domain;
+ return true;
+ }
+ if (domain->routing_domain != routing_domain) {
+ return false;
+ }
+ return true;
+}
+
+bool add_trusted_domain_from_auth(uint16_t validation_level,
+ struct info3_text *info3,
+ struct info6_text *info6)
+{
+ struct winbindd_domain *domain = NULL;
+ struct dom_sid domain_sid;
+ const char *dns_domainname = NULL;
+ NTSTATUS status;
+ bool ok;
+
+ /*
+ * We got a successfull auth from a domain that might not yet be in our
+ * domain list. If we're a member we trust our DC who authenticated the
+ * user from that domain and add the domain to our list on-the-fly. If
+ * we're a DC we rely on configured trusts and don't add on-the-fly.
+ */
+
+ if (IS_DC) {
+ return true;
+ }
+
+ ok = dom_sid_parse(info3->dom_sid, &domain_sid);
+ if (!ok) {
+ DBG_NOTICE("dom_sid_parse [%s] failed\n", info3->dom_sid);
+ return false;
+ }
+
+ if (validation_level == 6) {
+ dns_domainname = &info6->dns_domainname[0];
+ }
+
+ status = add_trusted_domain(info3->logon_dom,
+ dns_domainname,
+ &domain_sid,
+ 0,
+ NETR_TRUST_FLAG_OUTBOUND,
+ 0,
+ SEC_CHAN_NULL,
+ &domain);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN))
+ {
+ DBG_DEBUG("Adding domain [%s] with sid [%s] failed\n",
+ info3->logon_dom, info3->dom_sid);
+ return false;
+ }
+
+ ok = set_routing_domain(domain, find_default_route_domain());
+ if (!ok) {
+ return false;
+ }
+
+ return true;
+}
+
bool domain_is_forest_root(const struct winbindd_domain *domain)
{
const uint32_t fr_flags =
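Review bot: `set_routing_domain(domain, find_default_route_domain())` in add_trusted_domain_from_auth can be reached with `domain` still NULL, because the status check just above lets NT_STATUS_NO_SUCH_DOMAIN through, `domain` starts out as NULL, and set_routing_domain reads `domain->routing_domain` unchecked. Whether add_trusted_domain leaves the out-pointer untouched in that case is not visible here, but two things suggest it can: the commit's own `if (domain == NULL) { continue; }` guard in the forest-trust loop, and the existing `if (d == NULL)` test that comes only after the new call in the two trust-rescan hunks. This path runs on authentication data for a domain not yet in the list, so a NULL dereference here would likely crash the daemon. Add `if (domain == NULL) { return true; }` before the call and guard the rescan call sites the same way, or have set_routing_domain return false on a NULL `domain`.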
ptrdiff_t extra_len;
bool within_forest = false;
NTSTATUS status;
+ bool ok;
/*
* Only when we enumerate our primary domain
return;
}
+ ok = set_routing_domain(domain, find_default_route_domain());
+ if (!ok) {
+ DBG_ERR("set_routing_domain failed\n");
+ return;
+ }
+
p = q + strlen(q) + 1;
}
size_t num_trusts = 0;
int i;
NTSTATUS status;
+ bool ok;
/* The only transitive trusts supported by Windows 2003 AD are
(a) Parent-Child, (b) Tree-Root, and (c) Forest. The
nt_errstr(status));
return;
}
+ ok = set_routing_domain(d, find_default_route_domain());
+ if (!ok) {
+ DBG_ERR("set_routing_domain failed\n");
+ return;
+ }
}
if (d == NULL) {
continue;
size_t num_trusts = 0;
int i;
NTSTATUS status;
+ bool ok;
/* The only transitive trusts supported by Windows 2003 AD are
(a) Parent-Child, (b) Tree-Root, and (c) Forest. The
nt_errstr(status));
return;
}
+ ok = set_routing_domain(
+ d, find_default_route_domain());
+ if (!ok) {
+ DBG_ERR("set_routing_domain failed\n");
+ return;
+ }
}
if (d == NULL) {
struct winbindd_domain *d = NULL;
uint32_t trust_flags = 0;
NTSTATUS status;
+ bool ok;
DEBUG(5, ("wb_imsg_new_trusted_domain\n"));
TALLOC_FREE(frame);
return;
}
+ ok = set_routing_domain(d, find_default_route_domain());
+ if (!ok) {
+ TALLOC_FREE(frame);
+ return;
+ }
TALLOC_FREE(frame);
}
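Review bot: The failure branch added here frees the frame and returns without logging, whereas the other new call sites emit `DBG_ERR("set_routing_domain failed\n");`. From the helper's body, set_routing_domain returns false only when a different routing domain is already recorded for the entry, and that conflict is worth having in the log when diagnosing trust routing. Add the same `DBG_ERR` line before `TALLOC_FREE(frame);`. The same silent `return false` appears in add_trusted_domain_from_auth. The enclosing function starts outside this hunk.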
struct ForestTrustInfo fti;
uint32_t fi;
enum ndr_err_code ndr_err;
+ struct winbindd_domain *routing_domain = NULL;
+ bool ok;
if (domains[i]->trust_type != LSA_TRUST_TYPE_UPLEVEL) {
continue;
continue;
}
+ routing_domain = find_domain_from_name_noinit(
+ domains[i]->netbios_name);
+ if (routing_domain == NULL) {
+ DBG_ERR("Can't find winbindd domain [%s]\n",
+ domains[i]->netbios_name);
+ return false;
+ }
+
ndr_err = ndr_pull_struct_blob_all(
&domains[i]->trust_forest_trust_info,
talloc_tos(), &fti,
nt_errstr(status));
return false;
}
+ if (domain == NULL) {
+ continue;
+ }
+ ok = set_routing_domain(domain, routing_domain);
+ if (!ok) {
+ DBG_ERR("set_routing_domain on [%s] to "
+ "[%s] failed\n",
+ domain->name,
+ routing_domain->name);
+ return false;
+ }
}
}
} else if (IS_DC) {