TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
status = dom_sid_split_rid(tmp_ctx, sid, &domain_sid, &rid);
- NT_STATUS_NOT_OK_RETURN_AND_FREE(status, tmp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(tmp_ctx);
+ return status;
+ }
domain_admins_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_ADMINS);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(domain_admins_sid, tmp_ctx);
+ if (domain_admins_sid == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
domain_admins_sid_str = dom_sid_string(tmp_ctx, domain_admins_sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(domain_admins_sid_str, tmp_ctx);
+ if (domain_admins_sid_str == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
sidstr = dom_sid_string(tmp_ctx, sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidstr, tmp_ctx);
+ if (sidstr == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
*sd = security_descriptor_dacl_create(mem_ctx,
0, sidstr, NULL,
static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_Close *r)
{
- enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
struct dcesrv_handle *h;
if (transport != NCACN_NP && transport != NCALRPC) {
static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
- struct dcesrv_handle *p_handle,
+ struct lsa_policy_state *p_state,
TALLOC_CTX *mem_ctx,
struct ldb_message *dom_msg,
enum lsa_TrustDomInfoEnum level,
union lsa_TrustedDomainInfo *info)
{
- struct lsa_policy_state *p_state = p_handle->data;
uint32_t *posix_offset = NULL;
struct lsa_TrustDomainInfoInfoEx *info_ex = NULL;
struct lsa_TrustDomainInfoAuthInfo *auth_info = NULL;
}
if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
- add_incoming = true;
+ if (auth_info != NULL && trustAuthIncoming.length > 0) {
+ add_incoming = true;
+ }
}
if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
- add_outgoing = true;
+ if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+ add_outgoing = true;
+ }
}
if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
}
}
- if (add_incoming && trustAuthIncoming.data) {
+ if (add_incoming || del_incoming) {
ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_value(msg, "trustAuthIncoming",
- &trustAuthIncoming, NULL);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_NO_MEMORY;
+ if (add_incoming) {
+ ret = ldb_msg_add_value(msg, "trustAuthIncoming",
+ &trustAuthIncoming, NULL);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
}
- if (add_outgoing && trustAuthOutgoing.data) {
+ if (add_outgoing || del_outgoing) {
ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
- &trustAuthOutgoing, NULL);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_NO_MEMORY;
+ if (add_outgoing) {
+ ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
+ &trustAuthOutgoing, NULL);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- return setInfoTrustedDomain_base(dce_call, h, mem_ctx,
+ return setInfoTrustedDomain_base(dce_call, td_state->policy, mem_ctx,
msgs[0], r->in.level, r->in.info);
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- return setInfoTrustedDomain_base(dce_call, policy_handle, mem_ctx,
+ return setInfoTrustedDomain_base(dce_call, policy_state, mem_ctx,
msgs[0], r->in.level, r->in.info);
}
}
sidndrstr = ldap_encode_ndr_dom_sid(msg, sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidndrstr, msg);
+ if (sidndrstr == NULL) {
+ TALLOC_FREE(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
sidstr = dom_sid_string(msg, sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidstr, msg);
+ if (sidstr == NULL) {
+ TALLOC_FREE(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
dnstr = talloc_asprintf(msg, "sid=%s", sidstr);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(dnstr, msg);
+ if (dnstr == NULL) {
+ TALLOC_FREE(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
msg->dn = ldb_dn_new(msg, state->pdb, dnstr);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg->dn, msg);
+ if (msg->dn == NULL) {
+ TALLOC_FREE(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
if (LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_ADD) {
NTSTATUS status;
static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_GetUserName *r)
{
- enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
NTSTATUS status = NT_STATUS_OK;
const char *account_name;
const char *authority_name;
struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
struct smb_krb5_context *smb_krb5_context;
int ret = smb_krb5_init_context(mem_ctx,
- dce_call->event_ctx,
dce_call->conn->dce_ctx->lp_ctx,
&smb_krb5_context);
if (ret != 0) {
trust_attributes = ldb_msg_find_attr_as_uint(dom_res[i],
"trustAttributes", 0);
- if (!(trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
+ if (!(trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
return NT_STATUS_INVALID_PARAMETER;
}