summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-09-01 14:43:00 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-09-01 14:43:00 +1000
commit35c8899949cb7c1e3712b9c07e5b0c0a9a701269 (patch)
tree714dbafb7c322d565a700a68ee0bd18a01e69114
parent81dcc99e9acb9a7e4c2358e5e44998e4718dc658 (diff)
downloadsamba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.tar.gz
samba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.tar.bz2
samba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.zip
Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.
Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c6
-rw-r--r--source4/torture/rpc/lsa.c21
2 files changed, 24 insertions, 3 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index f67b5dee10..923b1e400c 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -672,6 +672,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_cal
}
samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
+
+ samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", LSA_TRUST_TYPE_DOWNLEVEL);
+
+ samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", 0);
+
+ samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", LSA_TRUST_DIRECTION_OUTBOUND);
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index ec74426ac6..edfc12f9f1 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2016,7 +2016,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
} else {
q.in.trustdom_handle = &trustdom_handle[i];
- q.in.level = LSA_TRUSTED_DOMAIN_INFO_NAME;
+ q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2024,9 +2024,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
} else if (!q.out.info) {
ret = false;
} else {
- if (strcmp(q.out.info->name.netbios_name.string, trustinfo.name.string) != 0) {
+ if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
- q.out.info->name.netbios_name.string, trustinfo.name.string);
+ q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
+ ret = false;
+ }
+ if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+ printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
+ trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+ ret = false;
+ }
+ if (q.out.info->info_ex.trust_attributes != 0) {
+ printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
+ trust_name, q.out.info->info_ex.trust_attributes, 0);
+ ret = false;
+ }
+ if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+ printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
+ trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
ret = false;
}
}