[PATCH] add new lsa trust attributes
Günther Deschner
gd at samba.org
Fri Sep 13 09:28:47 UTC 2019
Hi,
attached a patch to add the new lsa trust attributes. There is currently
a winbind forest trust issue related to the use of the new flags,
winbind patch to follow.
Please review and push.
Tuanks,
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
-------------- next part --------------
From 7e129d1915b964293a510a164d59427c40208ab2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Thu, 12 Sep 2019 16:36:20 +0200
Subject: [PATCH 1/2] lsa: document new LSA trust attributes
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
---
librpc/idl/lsa.idl | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index ea8a426fa01..39ed3be8262 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -702,14 +702,17 @@ import "misc.idl", "security.idl";
} lsa_TrustType;
typedef [public,bitmap32bit] bitmap {
- LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
- LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
- LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
- LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
- LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
- LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
- LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
- LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
+ LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
+ LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
+ LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
+ LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
+ LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
+ LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
+ LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200,
+ LSA_TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION = 0x00000800
} lsa_TrustAttributes;
typedef struct {
--
2.21.0
From e78e2091b2b30b22ba1e5ab226ddc7f6fa264173 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Thu, 12 Sep 2019 23:27:13 +0200
Subject: [PATCH 2/2] misc: fix AD trust attributes in adssearch
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
---
examples/misc/adssearch.pl | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl
index 7c3570abd6e..fc24811b626 100755
--- a/examples/misc/adssearch.pl
+++ b/examples/misc/adssearch.pl
@@ -285,10 +285,17 @@ my %ads_sdeffective = (
);
my %ads_trustattrs = (
- "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 1,
- "TRUST_ATTRIBUTE_TREE_PARENT" => 2,
- "TRUST_ATTRIBUTE_TREE_ROOT" => 3,
- "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 4,
+ "TRUST_ATTRIBUTE_NON_TRANSITIVE" => 0x00000001,
+ "TRUST_ATTRIBUTE_UPLEVEL_ONLY" => 0x00000002,
+ "TRUST_ATTRIBUTE_QUARANTINED_DOMAIN" => 0x00000004,
+ "TRUST_ATTRIBUTE_FOREST_TRANSITIVE" => 0x00000008,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION" => 0x00000010,
+ "TRUST_ATTRIBUTE_WITHIN_FOREST" => 0x00000020,
+ "TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL" => 0x00000040,
+ "TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION" => 0x00000080,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION" => 0x00000200,
+ "TRUST_ATTRIBUTE_PIM_TRUST" => 0x00000400,
+ "TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION" => 0x00000800,
);
my %ads_trustdirection = (
@@ -1283,7 +1290,7 @@ sub dump_sdeffective {
}
sub dump_trustattr {
- return dump_bitmask_equal(@_,%ads_trustattrs);
+ return dump_bitmask_and(@_,%ads_trustattrs);
}
sub dump_trusttype {
--
2.21.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190913/d2d91bc0/signature.sig>
More information about the samba-technical
mailing list