s4:lsa open trusted domain also with dns name
authorSimo Sorce <idra@samba.org>
Fri, 19 Feb 2010 23:09:48 +0000 (18:09 -0500)
committerSimo Sorce <idra@samba.org>
Fri, 19 Feb 2010 23:31:45 +0000 (18:31 -0500)
When searching for a trusted domain object to open, search also the DNS Name
attributes for a match. W2K8R2 uses the DNS domain if available.

source4/rpc_server/lsa/dcesrv_lsa.c

index c129612bd78e9455c06cede10b1a2f365a6d6c42..45fe08eaf049138d7674d6c955c4d1e0508eb6fb 100644 (file)
@@ -1261,7 +1261,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce
        const char *attrs[] = {
                NULL
        };
-
+       char *td_name;
        int ret;
 
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
@@ -1279,10 +1279,12 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce
        trusted_domain_state->policy = policy_state;
 
        /* search for the trusted_domain record */
+       td_name = ldb_binary_encode_string(mem_ctx, r->in.name.string);
        ret = gendb_search(trusted_domain_state->policy->sam_ldb,
                           mem_ctx, policy_state->system_dn, &msgs, attrs,
-                          "(&(flatname=%s)(objectclass=trustedDomain))",
-                          ldb_binary_encode_string(mem_ctx, r->in.name.string));
+                          "(&(|(flatname=%s)(cn=%s)(trustPartner=%s))"
+                            "(objectclass=trustedDomain))",
+                          td_name, td_name, td_name);
        if (ret == 0) {
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        }
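Review bot: `td_name` is passed into all three `%s` slots of the filter without a NULL check, so a failed allocation in `ldb_binary_encode_string()` (or possibly a NULL `r->in.name.string`) reaches the format call. Adding `if (td_name == NULL) return NT_STATUS_NO_MEMORY;` before `gendb_search()` would close that. Separately, the OR over `flatname`, `cn` and `trustPartner` means one name can now match more than one trustedDomain object. The next hunk shows a path returning `NT_STATUS_INTERNAL_DB_CORRUPTION`, which presumably covers a result count other than 1, so a short comment saying an ambiguous name is rejected there would help the next reader. The function begins and ends outside this hunk.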
@@ -1293,6 +1295,8 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
+        /* TODO: perform access checks */
+
        trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]->dn);
 
        handle = dcesrv_handle_new(dce_call->context, LSA_HANDLE_TRUSTED_DOMAIN);
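Review bot: The added `/* TODO: perform access checks */` marks a real gap, since in the visible lines the `LSA_HANDLE_TRUSTED_DOMAIN` handle is created for any caller once the name lookup succeeds. The previous hunk widens which names resolve, so the comment should say what is still missing, for example `/* TODO: check the caller's requested access against the trusted domain object before issuing the handle */`. Tracking this in the project's issue tracker as well would keep it from getting lost. The new comment line also appears to be indented with spaces where the surrounding lines use a tab. The function continues outside this hunk, so a check further down cannot be ruled out from here.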