diff options
author | Tim Potter <tpot@samba.org> | 2001-12-11 03:03:45 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-12-11 03:03:45 +0000 |
commit | 6a60668fe2e2c47f27716f238113b099da3859d7 (patch) | |
tree | 610f223a1421161bdd643a42924f7a9e224c4b10 /source3/rpcclient | |
parent | 44d423419a976a9d1a891774d01770bd93b31d46 (diff) | |
download | samba-6a60668fe2e2c47f27716f238113b099da3859d7.tar.gz samba-6a60668fe2e2c47f27716f238113b099da3859d7.tar.bz2 samba-6a60668fe2e2c47f27716f238113b099da3859d7.zip |
SAMR query sec obj returns different results depending on which sam handle
it is passed. Not sure what these different contexts are called or what
they are used for.
- if a rid is specified to samquerysecobj then use the sam user policy
handle for that rid
- if -d is specified then use the sam domain policy handle
- otherwise just use the sam connect policy handle
JF, any ideas about this?
(This used to be commit 4ef50ef9f76219ea8acc29a1d740b31a1d7a1e04)
Diffstat (limited to 'source3/rpcclient')
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 4a748fab8d..c31127be4e 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1105,22 +1105,29 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { - POLICY_HND connect_pol, domain_pol, user_pol; + POLICY_HND connect_pol, domain_pol, user_pol, *pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 4; fstring server; - uint32 user_rid; + uint32 user_rid = 0; TALLOC_CTX *ctx = NULL; SEC_DESC_BUF *sec_desc_buf=NULL; + BOOL domain = False; ctx=talloc_init(); - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if (argc > 2) { + printf("Usage: %s [rid|-d]\n", argv[0]); + printf("\tSpecify rid for security on user, -d for security on domain\n"); return NT_STATUS_OK; } - sscanf(argv[1], "%i", &user_rid); + if (argc == 2) { + if (strcmp(argv[1], "-d") == 0) + domain = True; + else + sscanf(argv[1], "%i", &user_rid); + } slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); @@ -1130,21 +1137,36 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, &domain_pol); + if (domain || user_rid) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_open_user(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rid, &user_pol); + if (user_rid) + result = cli_samr_open_user(cli, mem_ctx, &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rid, &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_query_sec_obj(cli, mem_ctx, &user_pol, info_level, ctx, &sec_desc_buf); + /* Pick which query pol to use */ + + pol = &connect_pol; + + if (domain) + pol = &domain_pol; + + if (user_rid) + pol = &user_pol; + + /* Query SAM security object */ + + result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx, + &sec_desc_buf); if (!NT_STATUS_IS_OK(result)) goto done; |