1 files changed, 58 insertions, 37 deletions

diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 6244c844f2..77e63709aa 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -1,4 +1,4 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
  *  Routines to operate on various trust relationships
  *  Copyright (C) Andrew Bartlett                   2001
@@ -123,47 +123,68 @@ NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli,
 	
 }
 
+/*********************************************************************
+ Enumerate the list of trusted domains from a DC
+*********************************************************************/
 
-/**
- * Verify whether or not given domain is trusted.
- *
- * @param domain_name name of the domain to be verified
- * @return true if domain is one of the trusted once or
- *         false if otherwise
- **/
- 
-BOOL is_trusted_domain(const char* dom_name)
+BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
+                                     char ***domain_names, uint32 *num_domains,
+				     DOM_SID **sids )
 {
-	DOM_SID trustdom_sid;
-	char *pass = NULL;
-	time_t lct;
-	BOOL ret;
-
-	if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
-		/*
-		 * Query the secrets db as an ultimate source of information
-		 * about trusted domain names. This is PDC or BDC case.
-		 */
-		ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
-		SAFE_FREE(pass);
-		if (ret) 
-			return ret;
+	POLICY_HND 	pol;
+	NTSTATUS 	result = NT_STATUS_UNSUCCESSFUL;
+	fstring 	dc_name;
+	struct in_addr 	dc_ip;
+	uint32 		enum_ctx = 0;
+	struct cli_state *cli = NULL;
+	BOOL 		retry;
+
+	*domain_names = NULL;
+	*num_domains = 0;
+	*sids = NULL;
+
+	/* lookup a DC first */
+
+	if ( !get_dc_name(domain, dc_name, &dc_ip) ) {
+		DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n",
+			domain));
+		return False;
 	}
 
-	/*
-	 * Query the trustdom_cache updated periodically. The only
-	 * way for domain member server.
-	 */
-	if (trustdom_cache_enable() &&
-		trustdom_cache_fetch(dom_name, &trustdom_sid)) {
-		trustdom_cache_shutdown();
-		return True;
+	/* setup the anonymous connection */
+
+	result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
+		"", "", "", 0, &retry);
+	if ( !NT_STATUS_IS_OK(result) )
+		goto done;
+
+	/* open the LSARPC_PIPE	*/
+
+	if ( !cli_nt_session_open( cli, PI_LSARPC ) ) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
 	}
 
-	/*
-	 * if nothing's been found, then give up here, although
-	 * the last resort might be to query the PDC.
-	 */
-	return False;
+	/* get a handle */
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True,
+		POLICY_VIEW_LOCAL_INFORMATION, &pol);
+	if ( !NT_STATUS_IS_OK(result) )
+		goto done;
+
+	/* Lookup list of trusted domains */
+
+	result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
+		num_domains, domain_names, sids);
+	if ( !NT_STATUS_IS_OK(result) )
+		goto done;
+
+done:
+	/* cleanup */
+
+	cli_nt_session_close( cli );
+	cli_shutdown( cli );
+
+	return NT_STATUS_IS_OK(result);
 }