diff options
Diffstat (limited to 'source/utils/net_rpc.c')
-rw-r--r-- | source/utils/net_rpc.c | 90 |
1 files changed, 57 insertions, 33 deletions
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 6e884c24dfb..27cc2a09186 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -1909,6 +1909,7 @@ rpc_group_list_internals(const DOM_SID *domain_sid, const char *domain_name, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0; struct acct_info *groups; + DOM_SID global_sid_Builtin; BOOL global = False; BOOL local = False; BOOL builtin = False; @@ -1930,6 +1931,8 @@ rpc_group_list_internals(const DOM_SID *domain_sid, const char *domain_name, builtin = True; } + string_to_sid(&global_sid_Builtin, "S-1-5-32"); + /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -2699,11 +2702,6 @@ rpc_share_migrate_shares_internals(const DOM_SID *domain_sid, const char *domain strequal(netname,"global")) continue; - if (opt_exclude && in_list(netname, opt_exclude, False)) { - printf("excluding [%s]\n", netname); - continue; - } - /* only work with file-shares */ if (!cli_send_tconX(cli, netname, "A:", "", 0)) { d_printf("skipping [%s]: not a file share.\n", netname); @@ -2973,7 +2971,7 @@ rpc_share_migrate_files_internals(const DOM_SID *domain_sid, const char *domain_ continue; } - if (opt_exclude && in_list(netname, opt_exclude, False)) { + if (opt_exclude && in_list(netname, (char *)opt_exclude, False)) { printf("excluding [%s]\n", netname); continue; } @@ -3275,6 +3273,7 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name, { NTSTATUS result; POLICY_HND connect_pol; + DOM_SID global_sid_Builtin; result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -3282,6 +3281,8 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name, if (!NT_STATUS_IS_OK(result)) goto done; + string_to_sid(&global_sid_Builtin, "S-1-5-32"); + result = rpc_fetch_domain_aliases(cli, mem_ctx, &connect_pol, &global_sid_Builtin); @@ -3298,6 +3299,14 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name, static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid) { + DOM_SID global_sid_World; + DOM_SID global_sid_Network; + DOM_SID global_sid_Authenticated_Users; + + string_to_sid(&global_sid_World, "S-1-1-0"); + string_to_sid(&global_sid_Network, "S-1-5-2"); + string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11"); + token->num_sids = 4; token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4); @@ -4463,7 +4472,6 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; - const char **names; DOM_SID trust_acct_sid; uint32 *user_rids, num_rids, *name_types; uint32 flags = 0x000003e8; /* Unknown */ @@ -4476,17 +4484,13 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, /* * Make valid trusting domain account (ie. uppercased and with '$' appended) */ - acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]); - - if (acct_name == NULL) + + if (asprintf(&acct_name, "%s$", argv[0]) < 0) { return NT_STATUS_NO_MEMORY; + } strupper_m(acct_name); - names = TALLOC_ARRAY(mem_ctx, const char *, 1); - names[0] = acct_name; - - /* Get samr policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -4503,8 +4507,8 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, } result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol, flags, 1, - names, &num_rids, - &user_rids, &name_types); + &acct_name, &num_rids, &user_rids, + &name_types); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -4548,6 +4552,7 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, } done: + SAFE_FREE(acct_name); return result; } @@ -4589,7 +4594,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) TALLOC_CTX *mem_ctx; NTSTATUS nt_status; DOM_SID *domain_sid; - smb_ucs2_t *uni_domain_name; + WKS_INFO_100 wks_info; char* domain_name; char* domain_name_pol; @@ -4658,17 +4663,44 @@ static int rpc_trustdom_establish(int argc, const char **argv) for domain %s\n", domain_name)); } - if (!(mem_ctx = talloc_init("establishing trust relationship to " - "domain %s", domain_name))) { + /* + * Call WksQueryInfo to check remote server's capabilities + * note: It is now used only to get unicode domain name + */ + + if (!cli_nt_session_open(cli, PI_WKSSVC)) { + DEBUG(0, ("Couldn't not initialise wkssvc pipe\n")); + return -1; + } + + if (!(mem_ctx = talloc_init("establishing trust relationship to domain %s", + domain_name))) { DEBUG(0, ("talloc_init() failed\n")); cli_shutdown(cli); return -1; } + nt_status = cli_wks_query_info(cli, mem_ctx, &wks_info); + + if (NT_STATUS_IS_ERR(nt_status)) { + DEBUG(0, ("WksQueryInfo call failed.\n")); + return -1; + } + + if (cli->nt_pipe_fnum[cli->pipe_idx]) + cli_nt_session_close(cli); + + /* * Call LsaOpenPolicy and LsaQueryInfo */ + if (!(mem_ctx = talloc_init("rpc_trustdom_establish"))) { + DEBUG(0, ("talloc_init() failed\n")); + cli_shutdown(cli); + return -1; + } + if (!cli_nt_session_open(cli, PI_LSARPC)) { DEBUG(0, ("Could not initialise lsa pipe\n")); cli_shutdown(cli); @@ -4686,19 +4718,16 @@ static int rpc_trustdom_establish(int argc, const char **argv) /* Querying info level 5 */ nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd, - 5 /* info level */, - &domain_name_pol, &domain_sid); + 5 /* info level */, &domain_name_pol, + &domain_sid); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); return -1; } - if (push_ucs2_talloc(mem_ctx, &uni_domain_name, domain_name_pol) < 0) { - DEBUG(0, ("Could not convert domain name %s to unicode\n", - domain_name_pol)); - return -1; - } + + /* There should be actually query info level 3 (following nt serv behaviour), but I still don't know if it's _really_ necessary */ @@ -4707,10 +4736,8 @@ static int rpc_trustdom_establish(int argc, const char **argv) * Store the password in secrets db */ - if (!secrets_store_trusted_domain_password(domain_name, - uni_domain_name, - strlen_w(uni_domain_name)+1, - opt_password, + if (!secrets_store_trusted_domain_password(domain_name, wks_info.uni_lan_grp.buffer, + wks_info.uni_lan_grp.uni_str_len, opt_password, *domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); return -1; @@ -4729,8 +4756,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) if (cli->nt_pipe_fnum[cli->pipe_idx]) cli_nt_session_close(cli); - - cli_shutdown(cli); talloc_destroy(mem_ctx); @@ -5558,7 +5583,6 @@ int net_rpc(int argc, const char **argv) {"vampire", rpc_vampire}, {"getsid", net_rpc_getsid}, {"rights", net_rpc_rights}, - {"service", net_rpc_service}, {"help", net_rpc_help}, {NULL, NULL} }; |