ipasam: for subdomains pick up defaults for missing values

We don't store trust type, attributes, and direction for subdomains
of the existing trust. Since trust is always forest level, these parameters
can be added as defaults when they are missing.

1 files changed, 12 insertions, 0 deletions

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index a535c0f64..59ddcef2e 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2026,6 +2026,10 @@ static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
 	if (!res) {
 		return false;
 	}
+	if (td->trust_direction == 0) {
+		/* attribute wasn't present, set default value */
+		td->trust_direction = LSA_TRUST_DIRECTION_INBOUND | LSA_TRUST_DIRECTION_OUTBOUND;
+	}
 
 	res = get_uint32_t_from_ldap_msg(ldap_state, entry,
 					 LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
@@ -2033,6 +2037,10 @@ static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
 	if (!res) {
 		return false;
 	}
+	if (td->trust_attributes == 0) {
+		/* attribute wasn't present, set default value */
+		td->trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+	}
 
 	res = get_uint32_t_from_ldap_msg(ldap_state, entry,
 					 LDAP_ATTRIBUTE_TRUST_TYPE,
@@ -2040,6 +2048,10 @@ static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
 	if (!res) {
 		return false;
 	}
+	if (td->trust_type == 0) {
+		/* attribute wasn't present, set default value */
+		td->trust_type = LSA_TRUST_TYPE_UPLEVEL;
+	}
 
 	td->trust_posix_offset = talloc_zero(td, uint32_t);
 	if (td->trust_posix_offset == NULL) {