return NT_STATUS_OK;
}
+NTSTATUS sam_get_results_trust(struct ldb_context *sam_ctx,
+ TALLOC_CTX *mem_ctx, const char *domain,
+ const char *realm, const char * const *attrs,
+ struct ldb_message **msg)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ int lret;
+ struct ldb_dn *system_dn;
+ char *filter;
+ struct ldb_result *res = NULL;
+ char *domain_encoded;
+
+ system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ if (system_dn == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ domain_encoded = ldb_binary_encode_string(mem_ctx, domain);
+ if (!domain_encoded) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (realm == NULL) {
+ filter = talloc_asprintf(mem_ctx,
+ "(&(objectClass=trustedDomain)(flatname=%s))",
+ domain_encoded);
+ if (!filter) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ char *realm_encoded = ldb_binary_encode_string(mem_ctx, realm);
+ if (!realm_encoded) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ filter = talloc_asprintf(mem_ctx,
+ "(&(objectClass=trustedDomain)"
+ "(|(trustPartner=%s)(flatname=%s))"
+ ")",
+ realm_encoded, domain_encoded);
+ if (!filter) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ lret = dsdb_search(sam_ctx, frame, &res,
+ system_dn,
+ LDB_SCOPE_ONELEVEL, attrs,
+ DSDB_SEARCH_NO_GLOBAL_CATALOG|DSDB_SEARCH_ONE_ONLY,
+ "%s", filter);
+ if (lret == LDB_ERR_NO_SUCH_OBJECT) {
+ DEBUG(3, ("Failed to find result for %s: %s\n", filter, ldb_errstring(sam_ctx)));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NOT_FOUND;
+ } else if (lret != LDB_SUCCESS) {
+ DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(sam_ctx)));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ talloc_steal(mem_ctx, res->msgs);
+ *msg = res->msgs[0];
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available, and for tokenGroups in the DSDB stack.
Supply either a principal or a DN