diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-09-01 14:43:00 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-09-01 14:43:00 +1000 |
commit | 35c8899949cb7c1e3712b9c07e5b0c0a9a701269 (patch) | |
tree | 714dbafb7c322d565a700a68ee0bd18a01e69114 | |
parent | 81dcc99e9acb9a7e4c2358e5e44998e4718dc658 (diff) | |
download | samba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.tar.gz samba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.tar.bz2 samba-35c8899949cb7c1e3712b9c07e5b0c0a9a701269.zip |
Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 6 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 21 |
2 files changed, 24 insertions, 3 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index f67b5dee10..923b1e400c 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -672,6 +672,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_cal } samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain"); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", LSA_TRUST_TYPE_DOWNLEVEL); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", 0); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", LSA_TRUST_DIRECTION_OUTBOUND); trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index ec74426ac6..edfc12f9f1 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -2016,7 +2016,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, } else { q.in.trustdom_handle = &trustdom_handle[i]; - q.in.level = LSA_TRUSTED_DOMAIN_INFO_NAME; + q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); @@ -2024,9 +2024,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, } else if (!q.out.info) { ret = false; } else { - if (strcmp(q.out.info->name.netbios_name.string, trustinfo.name.string) != 0) { + if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) { printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n", - q.out.info->name.netbios_name.string, trustinfo.name.string); + q.out.info->info_ex.netbios_name.string, trustinfo.name.string); + ret = false; + } + if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", + trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL); + ret = false; + } + if (q.out.info->info_ex.trust_attributes != 0) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", + trust_name, q.out.info->info_ex.trust_attributes, 0); + ret = false; + } + if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", + trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND); ret = false; } } |