s4-torture Modify rpc.lsa.forest.trust test to progress further FL Win2003 R2

This modification is required to pass against a domain in functional
level Windows 2003 or later.

Andrew Bartlett

diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
index 7ae40e5dedaaef9500a875fb19779ce25f7cb6aa..397661ed8ac197da2e0f6758a9d8f4d2d9e1854b 100644 (file)
--- a/source4/torture/rpc/forest_trust.c
+++ b/source4/torture/rpc/forest_trust.c
@@ -118,7 +118,13 @@ static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
 
        trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL;
 
-       trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+       /* MS-LSAD: Section 3.1.4.7.10 makes it clear that Win2k3
+        * functional level and above return
+        * NT_STATUS_INVALID_DOMAIN_STATE if
+        * TRUST_ATTRIBUTE_FOREST_TRANSITIVE or
+        * TRUST_ATTRIBUTE_CROSS_ORGANIZATION is set here.
+       */
+       trustinfo.trust_attributes = 0;
 
        r.in.policy_handle = handle;
        r.in.info = &trustinfo;
@@ -651,10 +657,10 @@ static bool test_validate_trust(struct torture_context *tctx,
                                      1, trust_info->count);
                return false;
        }
-       if (trust_info->data[0] != LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+       if (trust_info->data[0] != 0) {
                torture_comment(tctx, "Unexpected result, "
                                      "expected %d, got %d.\n",
-                                     LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE,
+                                     0,
                                      trust_info->data[0]);
                return false;
        }