diff options
| author | Gerald Carter <jerry@samba.org> | 2007-05-06 19:17:30 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:21:47 -0500 |
| commit | 7cb2a4be354c23b4228d67fe2bba68067ea619cf (patch) | |
| tree | 782cd4a9fe6e8deffca6a44e8b0a64aada7f878e /source3/include | |
| parent | 879b84362715e8796f7ef92124007f5673338b37 (diff) | |
| download | samba-7cb2a4be354c23b4228d67fe2bba68067ea619cf.tar.gz samba-7cb2a4be354c23b4228d67fe2bba68067ea619cf.tar.bz2 samba-7cb2a4be354c23b4228d67fe2bba68067ea619cf.zip | |
r22704: Implement three step method for enumerating domain trusts.
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
(This used to be commit 9cf6068f1e0a1063d331af17aa493140497b96ef)
Diffstat (limited to 'source3/include')
| -rw-r--r-- | source3/include/rpc_ds.h | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h index 4ca49871f6..05258fb306 100644 --- a/source3/include/rpc_ds.h +++ b/source3/include/rpc_ds.h @@ -30,7 +30,6 @@ #define DS_ENUM_DOM_TRUSTS 0x28 - /* macros for RPC's */ /* DSROLE_PRIMARY_DOMAIN_INFO_BASIC */ @@ -56,8 +55,6 @@ #define DS_DOMAIN_FUCNTION_2003_MIXED 1 #define DS_DOMAIN_FUNCTION_2003 2 - - typedef struct { uint16 machine_role; @@ -81,7 +78,6 @@ typedef struct #define DsRolePrimaryDomainInfoBasic 1 - /* DS_Q_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() request */ typedef struct { @@ -139,15 +135,33 @@ typedef struct { } DS_DOMAIN_TRUSTS_CTR; +/* Trust flags */ + #define DS_DOMAIN_IN_FOREST 0x0001 /* domains in the forest to which we belong; even different domain trees */ #define DS_DOMAIN_DIRECT_OUTBOUND 0x0002 /* trusted domains */ -#define DS_DOMAIN_TREE_ROOT 0x0004 /* root of our forest; also available in - DsRoleGetPrimaryDomainInfo() */ +#define DS_DOMAIN_TREE_ROOT 0x0004 /* root of a forest */ #define DS_DOMAIN_PRIMARY 0x0008 /* our domain */ #define DS_DOMAIN_NATIVE_MODE 0x0010 /* native mode AD servers */ #define DS_DOMAIN_DIRECT_INBOUND 0x0020 /* trusting domains */ +/* Trust types */ + +#define DS_DOMAIN_TRUST_TYPE_DOWNLEVEL 0x00000001 +#define DS_DOMAIN_TRUST_TYPE_UPLEVEL 0x00000002 + +/* Trust attributes */ + +#define DS_DOMAIN_TRUST_ATTRIB_NON_TRANSITIVE 0x00000001 +#define DS_DOMAIN_TRUST_ATTRIB_UPLEVEL_ONLY 0x00000002 +#define DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN 0x00000004 +#define DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE 0x00000008 +#define DS_DOMAIN_TRUST_ATTRIB_CROSS_ORG 0x00000010 +#define DS_DOMAIN_TRUST_ATTRIB_IN_FOREST 0x00000020 +#define DS_DOMAIN_TRUST_ATTRIB_EXTERNAL 0x00000040 + + + /* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */ typedef struct { |