s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag...
[obnox/samba/samba-obnox.git] / source4 / rpc_server / lsa / dcesrv_lsa.c
index d8a5aefcd9ddf8f0f6d7d6e42a782e05e3b3324b..0aad375ccd9c8d6e7077116609edc8de6404c4f3 100644 (file)
@@ -84,16 +84,28 @@ static NTSTATUS dcesrv_build_lsa_sd(TALLOC_CTX *mem_ctx,
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
        status = dom_sid_split_rid(tmp_ctx, sid, &domain_sid, &rid);
-       NT_STATUS_NOT_OK_RETURN_AND_FREE(status, tmp_ctx);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(tmp_ctx);
+               return status;
+       }
 
        domain_admins_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_ADMINS);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(domain_admins_sid, tmp_ctx);
+       if (domain_admins_sid == NULL) {
+               TALLOC_FREE(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        domain_admins_sid_str = dom_sid_string(tmp_ctx, domain_admins_sid);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(domain_admins_sid_str, tmp_ctx);
+       if (domain_admins_sid_str == NULL) {
+               TALLOC_FREE(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        sidstr = dom_sid_string(tmp_ctx, sid);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidstr, tmp_ctx);
+       if (sidstr == NULL) {
+               TALLOC_FREE(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        *sd = security_descriptor_dacl_create(mem_ctx,
                                              0, sidstr, NULL,
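Review bot: The result of `talloc_new(mem_ctx)` in the declaration at the top of this hunk is used without a NULL check, so the explicit cleanup paths added below do not cover the case where the temporary context itself could not be allocated. With a NULL `tmp_ctx`, any later allocation that succeeds would be parented to the NULL context, and `TALLOC_FREE(tmp_ctx)` would not release it. Adding `if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; }` before the `dom_sid_split_rid()` call closes that gap. The body of dcesrv_build_lsa_sd starts before and continues past this hunk.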
@@ -144,7 +156,8 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
 static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                          struct lsa_Close *r)
 {
-       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+       enum dcerpc_transport_t transport =
+               dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
        struct dcesrv_handle *h;
 
        if (transport != NCACN_NP && transport != NCALRPC) {
@@ -1587,13 +1600,12 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
 
 
 static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
-                                         struct dcesrv_handle *p_handle,
+                                         struct lsa_policy_state *p_state,
                                          TALLOC_CTX *mem_ctx,
                                          struct ldb_message *dom_msg,
                                          enum lsa_TrustDomInfoEnum level,
                                          union lsa_TrustedDomainInfo *info)
 {
-       struct lsa_policy_state *p_state = p_handle->data;
        uint32_t *posix_offset = NULL;
        struct lsa_TrustDomainInfoInfoEx *info_ex = NULL;
        struct lsa_TrustDomainInfoAuthInfo *auth_info = NULL;
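Review bot: `setInfoTrustedDomain_base()` now takes a caller-supplied `p_state`, but nothing visible around the signature says which object it must be or that it must be non-NULL. The two call sites obtain it differently, from `td_state->policy` and from `policy_state`. A short header comment above the function would document that contract, for example `/* p_state: LSA policy state that owns the trusted domain object; must not be NULL */`. The function body continues outside the hunk, so whether `p_state` is validated before use cannot be seen here.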
@@ -1767,10 +1779,14 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
                }
 
                if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
-                       add_incoming = true;
+                       if (auth_info != NULL && trustAuthIncoming.length > 0) {
+                               add_incoming = true;
+                       }
                }
                if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
-                       add_outgoing = true;
+                       if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+                               add_outgoing = true;
+                       }
                }
 
                if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
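Review bot: With the new guards around `add_incoming = true;` and `add_outgoing = true;`, a request that sets `LSA_TRUST_DIRECTION_INBOUND` or `LSA_TRUST_DIRECTION_OUTBOUND` without a non-empty auth blob is accepted without any trace. Presumably the stored secret is then left as it was, but the `del_incoming`/`del_outgoing` handling starts at the end of this hunk and continues outside it, so that cannot be confirmed here. The intent deserves a comment at each guard, such as `/* only replace the stored secret when the caller supplied one */`. It is also worth confirming that enabling a direction on a trust that has no secret for it yet is meant to succeed rather than return an error.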
@@ -1818,28 +1834,32 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
                }
        }
 
-       if (add_incoming && trustAuthIncoming.data) {
+       if (add_incoming || del_incoming) {
                ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
                                        LDB_FLAG_MOD_REPLACE, NULL);
                if (ret != LDB_SUCCESS) {
                        return NT_STATUS_NO_MEMORY;
                }
-               ret = ldb_msg_add_value(msg, "trustAuthIncoming",
-                                       &trustAuthIncoming, NULL);
-               if (ret != LDB_SUCCESS) {
-                       return NT_STATUS_NO_MEMORY;
+               if (add_incoming) {
+                       ret = ldb_msg_add_value(msg, "trustAuthIncoming",
+                                               &trustAuthIncoming, NULL);
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                }
        }
-       if (add_outgoing && trustAuthOutgoing.data) {
+       if (add_outgoing || del_outgoing) {
                ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
                                        LDB_FLAG_MOD_REPLACE, NULL);
                if (ret != LDB_SUCCESS) {
                        return NT_STATUS_NO_MEMORY;
                }
-               ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
-                                       &trustAuthOutgoing, NULL);
-               if (ret != LDB_SUCCESS) {
-                       return NT_STATUS_NO_MEMORY;
+               if (add_outgoing) {
+                       ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
+                                               &trustAuthOutgoing, NULL);
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                }
        }
 
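Review bot: The dropped `trustAuthIncoming.data` and `trustAuthOutgoing.data` guards mean `ldb_msg_add_value()` now relies on `add_incoming`/`add_outgoing` being set only when the blob is non-empty. That invariant is established in the earlier hunk at line 1779 and is not visible at this point; any other assignment to those flags elsewhere in the function (outside the visible hunks) would now write an empty value. Stating it next to the inner conditions would help, e.g. `/* add_incoming implies trustAuthIncoming.length > 0, see the trust_direction handling above */`. The delete path would also read more easily with a comment on the outer condition such as `/* an empty LDB_FLAG_MOD_REPLACE element removes the attribute; the value is re-added only when new auth data was supplied */`.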
@@ -1929,7 +1949,7 @@ static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain(
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       return setInfoTrustedDomain_base(dce_call, h, mem_ctx,
+       return setInfoTrustedDomain_base(dce_call, td_state->policy, mem_ctx,
                                         msgs[0], r->in.level, r->in.info);
 }
 
@@ -2147,7 +2167,7 @@ static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       return setInfoTrustedDomain_base(dce_call, policy_handle, mem_ctx,
+       return setInfoTrustedDomain_base(dce_call, policy_state, mem_ctx,
                                         msgs[0], r->in.level, r->in.info);
 }
 
@@ -2586,16 +2606,28 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
        }
 
        sidndrstr = ldap_encode_ndr_dom_sid(msg, sid);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidndrstr, msg);
+       if (sidndrstr == NULL) {
+               TALLOC_FREE(msg);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        sidstr = dom_sid_string(msg, sid);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sidstr, msg);
+       if (sidstr == NULL) {
+               TALLOC_FREE(msg);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        dnstr = talloc_asprintf(msg, "sid=%s", sidstr);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(dnstr, msg);
+       if (dnstr == NULL) {
+               TALLOC_FREE(msg);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        msg->dn = ldb_dn_new(msg, state->pdb, dnstr);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg->dn, msg);
+       if (msg->dn == NULL) {
+               TALLOC_FREE(msg);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        if (LDB_FLAG_MOD_TYPE(ldb_flag) == LDB_FLAG_MOD_ADD) {
                NTSTATUS status;
@@ -3622,7 +3654,8 @@ static NTSTATUS dcesrv_lsa_RetrievePrivateData(struct dcesrv_call_state *dce_cal
 static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                struct lsa_GetUserName *r)
 {
-       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+       enum dcerpc_transport_t transport =
+               dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
        NTSTATUS status = NT_STATUS_OK;
        const char *account_name;
        const char *authority_name;
@@ -3738,7 +3771,6 @@ static NTSTATUS dcesrv_lsa_QueryDomainInformationPolicy(struct dcesrv_call_state
                struct lsa_DomainInfoKerberos *k = &info->kerberos_info;
                struct smb_krb5_context *smb_krb5_context;
                int ret = smb_krb5_init_context(mem_ctx,
-                                                       dce_call->event_ctx,
                                                        dce_call->conn->dce_ctx->lp_ctx,
                                                        &smb_krb5_context);
                if (ret != 0) {
@@ -4350,7 +4382,7 @@ static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation(struct dcesrv_call_stat
 
        trust_attributes = ldb_msg_find_attr_as_uint(dom_res[i],
                                                     "trustAttributes", 0);
-       if (!(trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
+       if (!(trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) {
                return NT_STATUS_INVALID_PARAMETER;
        }