s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 69c54b00c5ba82b9bf3b7b96013883db30bb3c00..5ca2c067585b79d32e01936bfe0ddc0fdbd2b7bc 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -57,14 +57,17 @@ enum trust_direction {
 };
 
 static const char *trust_attrs[] = {
+       "securityIdentifier",
+       "flatName",
        "trustPartner",
+       "trustAttributes",
+       "trustDirection",
+       "trustType",
+       "msDS-TrustForestTrustInfo",
        "trustAuthIncoming",
        "trustAuthOutgoing",
        "whenCreated",
        "msDS-SupportedEncryptionTypes",
-       "trustAttributes",
-       "trustDirection",
-       "trustType",
        NULL
 };
 
@@ -1167,7 +1170,6 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 {
        struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
        const char *our_realm = lpcfg_realm(lp_ctx);
-       const char *dnsdomain = NULL;
        char *partner_realm = NULL;
        const char *realm = NULL;
        const char *krbtgt_realm = NULL;
@@ -1183,7 +1185,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
        uint32_t previous_kvno;
        uint32_t num_keys = 0;
        enum ndr_err_code ndr_err;
-       int ret, trust_direction_flags;
+       int ret;
        unsigned int i;
        struct AuthenticationInformationArray *auth_array;
        struct timeval tv;
@@ -1191,6 +1193,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
        uint32_t *auth_kvno;
        bool preferr_current = false;
        uint32_t supported_enctypes = ENC_RC4_HMAC_MD5;
+       struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
+       NTSTATUS status;
 
        if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
                supported_enctypes = ldb_msg_find_attr_as_uint(msg,
@@ -1198,20 +1202,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
                                        supported_enctypes);
        }
 
-       trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0);
-       if (!(trust_direction_flags & direction)) {
+       status = dsdb_trust_parse_tdo_info(mem_ctx, msg, &tdo);
+       if (!NT_STATUS_IS_OK(status)) {
+               krb5_clear_error_message(context);
+               ret = ENOMEM;
+               goto out;
+       }
+
+       if (!(tdo->trust_direction & direction)) {
                krb5_clear_error_message(context);
                ret = SDB_ERR_NOENTRY;
                goto out;
        }
 
-       dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL);
-       if (dnsdomain == NULL) {
+       if (tdo->domain_name.string == NULL) {
                krb5_clear_error_message(context);
                ret = SDB_ERR_NOENTRY;
                goto out;
        }
-       partner_realm = strupper_talloc(mem_ctx, dnsdomain);
+       partner_realm = strupper_talloc(mem_ctx, tdo->domain_name.string);
        if (partner_realm == NULL) {
                krb5_clear_error_message(context);
                ret = ENOMEM;