uint32_t trust_type,
uint32_t trust_flags,
uint32_t trust_attribs,
+ enum netr_SchannelType secure_channel_type,
struct winbindd_domain **_d)
{
struct winbindd_domain *domain = NULL;
domain->backend = NULL;
domain->internal = is_internal_domain(sid);
+ domain->secure_channel_type = secure_channel_type;
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
domain->initialized = false;
domain->domain_flags = trust_flags;
domain->domain_type = trust_type;
domain->domain_trust_attribs = trust_attribs;
+ domain->secure_channel_type = secure_channel_type;
sid_copy(&domain->sid, sid);
/* Is this our primary domain ? */
trust_type,
trust_flags,
trust_attribs,
+ SEC_CHAN_NULL,
&domain);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN))
dom_list[i].trust_type,
dom_list[i].trust_flags,
dom_list[i].trust_attribs,
+ SEC_CHAN_NULL,
&d);
if (!NT_STATUS_IS_OK(status) &&
type,
flags,
attribs,
+ SEC_CHAN_NULL,
&d);
if (!NT_STATUS_IS_OK(status) &&
NT_STATUS_EQUAL(status,
DATA_BLOB *data)
{
TALLOC_CTX *frame = talloc_stackframe();
+ enum netr_SchannelType secure_channel_type = SEC_CHAN_DOMAIN;
struct lsa_TrustDomainInfoInfoEx info;
enum ndr_err_code ndr_err;
struct winbindd_domain *d = NULL;
return;
}
+ if (info.trust_type == LSA_TRUST_TYPE_UPLEVEL) {
+ secure_channel_type = SEC_CHAN_DNS_DOMAIN;
+ }
if (info.trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
trust_flags |= NETR_TRUST_FLAG_INBOUND;
}
info.trust_type,
trust_flags,
info.trust_attributes,
+ secure_channel_type,
&d);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN))
LSA_TRUST_TYPE_DOWNLEVEL,
0, /* trust_flags */
0, /* trust_attribs */
+ SEC_CHAN_LOCAL,
&domain);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("add_trusted_domain BUILTIN returned %s\n",
LSA_TRUST_TYPE_UPLEVEL,
trust_flags,
LSA_TRUST_ATTRIBUTE_WITHIN_FOREST,
+ SEC_CHAN_BDC,
&domain);
TALLOC_FREE(pdb_domain_info);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
}
+
+ domain->secure_channel_type = sec_chan_type;
if (sec_chan_type == SEC_CHAN_RODC) {
domain->rodc = true;
}
} else {
uint32_t trust_flags;
+ enum netr_SchannelType secure_channel_type;
trust_flags = NETR_TRUST_FLAG_OUTBOUND;
if (role != ROLE_DOMAIN_MEMBER) {
trust_flags |= NETR_TRUST_FLAG_PRIMARY;
}
+ if (role > ROLE_DOMAIN_MEMBER) {
+ secure_channel_type = SEC_CHAN_BDC;
+ } else {
+ secure_channel_type = SEC_CHAN_LOCAL;
+ }
+
status = add_trusted_domain(get_global_sam_name(),
NULL,
get_global_sam_sid(),
LSA_TRUST_TYPE_DOWNLEVEL,
trust_flags,
0, /* trust_attribs */
+ secure_channel_type,
&domain);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Failed to add local SAM to "
NETR_TRUST_FLAG_PRIMARY|
NETR_TRUST_FLAG_OUTBOUND,
0, /* trust_attribs */
+ SEC_CHAN_WKSTA,
&domain);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("Failed to add local SAM to "