summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-08-30 18:09:12 +0200
committerGünther Deschner <gd@samba.org>2011-02-16 11:44:06 +0100
commit33655d28b00d8d92a34b5f613ce814828c731599 (patch)
treedb22cf557a7b2be7c119a6cdc90e45bd074e4db4
parent7d53893dee24d63914f076f0e352f73aa5046fbd (diff)
downloadsamba-33655d28b00d8d92a34b5f613ce814828c731599.tar.gz
samba-33655d28b00d8d92a34b5f613ce814828c731599.tar.bz2
samba-33655d28b00d8d92a34b5f613ce814828c731599.zip
s3-lsa: Add and remove trusted domain account
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c116
1 files changed, 111 insertions, 5 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index ed9ee8bb6f..d215085ddf 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1598,6 +1598,78 @@ NTSTATUS _lsa_OpenTrustedDomainByName(struct pipes_struct *p,
r->out.trustdom_handle);
}
+static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx,
+ const char *netbios_name,
+ struct trustDomainPasswords auth_struct)
+{
+ NTSTATUS status;
+ struct samu *sam_acct;
+ char *acct_name;
+ uint32_t rid;
+ struct dom_sid user_sid;
+ int i;
+ char *dummy;
+ size_t dummy_size;
+
+ sam_acct = samu_new(mem_ctx);
+ if (sam_acct == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name);
+ if (acct_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!pdb_set_domain(sam_acct, get_global_sam_name(), PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!pdb_new_rid(&rid)) {
+ return NT_STATUS_DS_NO_MORE_RIDS;
+ }
+ sid_compose(&user_sid, get_global_sam_sid(), rid);
+ if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ for (i = 0; i < auth_struct.incoming.count; i++) {
+ switch (auth_struct.incoming.current.array[i].AuthType) {
+ case TRUST_AUTH_TYPE_CLEAR:
+ if (!convert_string_talloc(mem_ctx,
+ CH_UTF16LE,
+ CH_UNIX,
+ auth_struct.incoming.current.array[i].AuthInfo.clear.password,
+ auth_struct.incoming.current.array[i].AuthInfo.clear.size,
+ &dummy,
+ &dummy_size,
+ false)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!pdb_set_plaintext_passwd(sam_acct, dummy)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ break;
+ default:
+ continue;
+ }
+ }
+
+ status = pdb_add_sam_account(sam_acct);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
/***************************************************************************
_lsa_CreateTrustedDomainEx2
***************************************************************************/
@@ -1711,6 +1783,15 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
return status;
}
+ if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
+ status = add_trusted_domain_user(p->mem_ctx,
+ r->in.info->netbios_name.string,
+ auth_struct);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
status = create_lsa_policy_handle(p->mem_ctx, p,
LSA_HANDLE_TRUST_TYPE,
acc_granted,
@@ -1782,7 +1863,9 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p,
{
NTSTATUS status;
struct lsa_info *handle;
- struct trustdom_info *info;
+ struct pdb_trusted_domain *td;
+ struct samu *sam_acct;
+ char *acct_name;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
@@ -1797,14 +1880,37 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- status = lsa_lookup_trusted_domain_by_sid(p->mem_ctx,
- r->in.dom_sid,
- &info);
+ status = pdb_get_trusted_domain_by_sid(p->mem_ctx, r->in.dom_sid, &td);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = pdb_del_trusted_domain(info->name);
+ if (td->netbios_name == NULL || *td->netbios_name == '\0') {
+ DEBUG(10, ("Missing netbios name for for trusted domain %s.\n",
+ sid_string_tos(r->in.dom_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
+ sam_acct = samu_new(p->mem_ctx);
+ if (sam_acct == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ acct_name = talloc_asprintf(p->mem_ctx, "%s$", td->netbios_name);
+ if (acct_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ status = pdb_delete_sam_account(sam_acct);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ status = pdb_del_trusted_domain(td->netbios_name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}