summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-12-11 03:03:45 +0000
committerTim Potter <tpot@samba.org>2001-12-11 03:03:45 +0000
commit6a60668fe2e2c47f27716f238113b099da3859d7 (patch)
tree610f223a1421161bdd643a42924f7a9e224c4b10
parent44d423419a976a9d1a891774d01770bd93b31d46 (diff)
downloadsamba-6a60668fe2e2c47f27716f238113b099da3859d7.tar.gz
samba-6a60668fe2e2c47f27716f238113b099da3859d7.tar.xz
samba-6a60668fe2e2c47f27716f238113b099da3859d7.zip
SAMR query sec obj returns different results depending on which sam handle
it is passed. Not sure what these different contexts are called or what they are used for. - if a rid is specified to samquerysecobj then use the sam user policy handle for that rid - if -d is specified then use the sam domain policy handle - otherwise just use the sam connect policy handle JF, any ideas about this? (This used to be commit 4ef50ef9f76219ea8acc29a1d740b31a1d7a1e04)
-rw-r--r--source3/rpcclient/cmd_samr.c46
1 files changed, 34 insertions, 12 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 4a748fab8d..c31127be4e 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1105,22 +1105,29 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
int argc, char **argv)
{
- POLICY_HND connect_pol, domain_pol, user_pol;
+ POLICY_HND connect_pol, domain_pol, user_pol, *pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 info_level = 4;
fstring server;
- uint32 user_rid;
+ uint32 user_rid = 0;
TALLOC_CTX *ctx = NULL;
SEC_DESC_BUF *sec_desc_buf=NULL;
+ BOOL domain = False;
ctx=talloc_init();
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if (argc > 2) {
+ printf("Usage: %s [rid|-d]\n", argv[0]);
+ printf("\tSpecify rid for security on user, -d for security on domain\n");
return NT_STATUS_OK;
}
- sscanf(argv[1], "%i", &user_rid);
+ if (argc == 2) {
+ if (strcmp(argv[1], "-d") == 0)
+ domain = True;
+ else
+ sscanf(argv[1], "%i", &user_rid);
+ }
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -1130,21 +1137,36 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli,
if (!NT_STATUS_IS_OK(result))
goto done;
- result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &domain_sid, &domain_pol);
+ if (domain || user_rid)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
- user_rid, &user_pol);
+ if (user_rid)
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rid, &user_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = cli_samr_query_sec_obj(cli, mem_ctx, &user_pol, info_level, ctx, &sec_desc_buf);
+ /* Pick which query pol to use */
+
+ pol = &connect_pol;
+
+ if (domain)
+ pol = &domain_pol;
+
+ if (user_rid)
+ pol = &user_pol;
+
+ /* Query SAM security object */
+
+ result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx,
+ &sec_desc_buf);
if (!NT_STATUS_IS_OK(result))
goto done;