diff options
| author | Luke Leighton <lkcl@samba.org> | 1999-11-20 19:43:37 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1999-11-20 19:43:37 +0000 |
| commit | a56bea383b4813f77478f9859dc33c90a564f540 (patch) | |
| tree | f5849949f0312e8a80e53125571cee3399b1320e /source3/rpc_client/cli_lsarpc.c | |
| parent | ef8ced0ca6688f037d74a5e26b52b41afce37682 (diff) | |
| download | samba-a56bea383b4813f77478f9859dc33c90a564f540.tar.gz samba-a56bea383b4813f77478f9859dc33c90a564f540.tar.bz2 samba-a56bea383b4813f77478f9859dc33c90a564f540.zip | |
doing a code reshuffle. want to add code to establish trust relationships.
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
Diffstat (limited to 'source3/rpc_client/cli_lsarpc.c')
| -rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ce11999955..ebda7d8708 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -33,6 +33,185 @@ extern int DEBUGLEVEL; /**************************************************************************** + obtain the sid from the PDC. do some verification along the way... +****************************************************************************/ +BOOL get_domain_sids(const char *myname, + DOM_SID *sid3, DOM_SID *sid5, char *servers) +{ + uint16 nt_pipe_fnum; + POLICY_HND pol; + fstring srv_name; + struct cli_state cli; + BOOL res = True; + fstring dom3; + fstring dom5; + + if (sid3 == NULL && sid5 == NULL) + { + /* don't waste my time... */ + return False; + } + + if (!cli_connect_serverlist(&cli, servers)) + { + DEBUG(0,("get_domain_sids: unable to initialise client connection.\n")); + return False; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + fstrcpy(dom3, ""); + fstrcpy(dom5, ""); + if (sid3 != NULL) + { + ZERO_STRUCTP(sid3); + } + if (sid5 != NULL) + { + ZERO_STRUCTP(sid5); + } + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, myname); + strupper(srv_name); + + /* open LSARPC session. */ + res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; + + /* lookup domain controller; receive a policy handle */ + res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + + if (sid3 != NULL) + { + /* send client info query, level 3. receive domain name and sid */ + res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, sid3) : False; + } + + if (sid5 != NULL) + { + /* send client info query, level 5. receive domain name and sid */ + res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, sid5) : False; + } + + /* close policy handle */ + res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + + /* close the session */ + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + + if (res) + { + pstring sid; + DEBUG(2,("LSA Query Info Policy\n")); + if (sid3 != NULL) + { + sid_to_string(sid, sid3); + DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid)); + } + if (sid5 != NULL) + { + sid_to_string(sid, sid5); + DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid)); + } + } + else + { + DEBUG(1,("lsa query info failed\n")); + } + + return res; +} + +/**************************************************************************** + obtain a sid and domain name from a Domain Controller. +****************************************************************************/ +BOOL get_trust_sid_and_domain(const char* myname, char *server, + DOM_SID *sid, + char *domain, size_t len) +{ + uint16 nt_pipe_fnum; + POLICY_HND pol; + fstring srv_name; + struct cli_state cli; + BOOL res = True; + BOOL res1 = True; + DOM_SID sid3; + DOM_SID sid5; + fstring dom3; + fstring dom5; + + if (!cli_connect_serverlist(&cli, server)) + { + DEBUG(0,("get_trust_sid: unable to initialise client connection.\n")); + return False; + } + + fstrcpy(dom3, ""); + fstrcpy(dom5, ""); + ZERO_STRUCT(sid3); + ZERO_STRUCT(sid5); + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, myname); + strupper(srv_name); + + /* open LSARPC session. */ + res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; + + /* lookup domain controller; receive a policy handle */ + res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + + /* send client info query, level 3. receive domain name and sid */ + res1 = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, &sid3) : False; + + /* send client info query, level 5. receive domain name and sid */ + res1 = res1 ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, &sid5) : False; + + /* close policy handle */ + res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + + /* close the session */ + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + + if (res1) + { + pstring sid_str; + DEBUG(2,("LSA Query Info Policy\n")); + sid_to_string(sid_str, &sid3); + DEBUG(2,("Domain Member - Domain: %s SID: %s\n", + dom3, sid_str)); + sid_to_string(sid_str, &sid5); + DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", + dom5, sid_str)); + + if (dom5[0] != 0 && sid_equal(&sid3, &sid5)) + { + safe_strcpy(domain, dom5, len); + sid_copy(sid, &sid5); + } + else + { + DEBUG(2,("Server %s is not a PDC\n", server)); + return False; + } + + } + else + { + DEBUG(1,("lsa query info failed\n")); + } + + return res1; +} + +/**************************************************************************** do a LSA Open Policy ****************************************************************************/ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, |