3c38aea ipaserver/dcerpc: fix exclusion entry with a forest trust domain info returned

1 file Authored by abbra 5 years ago, Committed by cheimes 5 years ago,
    ipaserver/dcerpc: fix exclusion entry with a forest trust domain info returned
    
    When looking through the topology of a trusted forest, we should support
    all types of forest trust records. Since Samba Python bindings parse the
    data into a typed structure, a type of the record has to be taken into
    account or there will be type mismatch when accessing elements of the
    union:
    
            typedef [switch_type(lsa_ForestTrustRecordType)] union {
                    [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
                    [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
                    [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
                    [default] lsa_ForestTrustBinaryData data;
            } lsa_ForestTrustData;
    
            typedef struct {
                    lsa_ForestTrustRecordFlags flags;
                    lsa_ForestTrustRecordType type;
                    NTTIME_hyper time;
                    [switch_is(type)] lsa_ForestTrustData forest_trust_data;
            } lsa_ForestTrustRecord;
    
            typedef [public] struct {
                    [range(0,4000)] uint32 count;
                    [size_is(count)] lsa_ForestTrustRecord **entries;
            } lsa_ForestTrustInformation;
    
    Each entry in the lsa_ForestTrustInformation has forest_trust_data
    member but its content depends on the value of a type member
    (forest_trust_data is a union of all possible structures).
    
    Previously we assumed only TLN or TLN exclusion record which were
    of the same type (lsa_StringLarge). Access to forest_trust_data.string
    fails when forest_trust_data's type is lsa_ForestTrustDomainInfo as it
    has no string member.
    
    Fix the code by properly accessing the dns_domain_name from the
    lsa_ForestTrustDomainInfo structure.
    
    Fixes: https://pagure.io/freeipa/issue/7828
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
        
file modified
+55 -9