summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2005-03-20 11:51:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:08 -0500
commitb4ecaaf599744c4db250e6bad690f94f8ea3f340 (patch)
tree3b8d4049af02c676a1d7f4c25485e4a2aa526cf4 /source3
parent5d88feaaad77bbb8a172c911624ccb07d6050da4 (diff)
downloadsamba-b4ecaaf599744c4db250e6bad690f94f8ea3f340.tar.gz
samba-b4ecaaf599744c4db250e6bad690f94f8ea3f340.tar.bz2
samba-b4ecaaf599744c4db250e6bad690f94f8ea3f340.zip
r5910: Partial fix for bug 2438. I'll leave the debug message in place, that fix is a
bit more effort. The real fix for this would be to open an schannel netlogon connection to the remote DC and change the trust account password... Volker (This used to be commit ab8991c384d81d32ac13f89592e8b35208127b32)
Diffstat (limited to 'source3')
-rw-r--r--source3/utils/net_rpc.c52
1 files changed, 16 insertions, 36 deletions
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 27cc2a0918..269a7f60af 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4594,7 +4594,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
TALLOC_CTX *mem_ctx;
NTSTATUS nt_status;
DOM_SID *domain_sid;
- WKS_INFO_100 wks_info;
+ smb_ucs2_t *uni_domain_name;
char* domain_name;
char* domain_name_pol;
@@ -4663,44 +4663,17 @@ static int rpc_trustdom_establish(int argc, const char **argv)
for domain %s\n", domain_name));
}
- /*
- * Call WksQueryInfo to check remote server's capabilities
- * note: It is now used only to get unicode domain name
- */
-
- if (!cli_nt_session_open(cli, PI_WKSSVC)) {
- DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
- return -1;
- }
-
- if (!(mem_ctx = talloc_init("establishing trust relationship to domain %s",
- domain_name))) {
+ if (!(mem_ctx = talloc_init("establishing trust relationship to "
+ "domain %s", domain_name))) {
DEBUG(0, ("talloc_init() failed\n"));
cli_shutdown(cli);
return -1;
}
- nt_status = cli_wks_query_info(cli, mem_ctx, &wks_info);
-
- if (NT_STATUS_IS_ERR(nt_status)) {
- DEBUG(0, ("WksQueryInfo call failed.\n"));
- return -1;
- }
-
- if (cli->nt_pipe_fnum[cli->pipe_idx])
- cli_nt_session_close(cli);
-
-
/*
* Call LsaOpenPolicy and LsaQueryInfo
*/
- if (!(mem_ctx = talloc_init("rpc_trustdom_establish"))) {
- DEBUG(0, ("talloc_init() failed\n"));
- cli_shutdown(cli);
- return -1;
- }
-
if (!cli_nt_session_open(cli, PI_LSARPC)) {
DEBUG(0, ("Could not initialise lsa pipe\n"));
cli_shutdown(cli);
@@ -4718,16 +4691,19 @@ static int rpc_trustdom_establish(int argc, const char **argv)
/* Querying info level 5 */
nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
- 5 /* info level */, &domain_name_pol,
- &domain_sid);
+ 5 /* info level */,
+ &domain_name_pol, &domain_sid);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
return -1;
}
-
-
+ if (push_ucs2_talloc(mem_ctx, &uni_domain_name, domain_name_pol) < 0) {
+ DEBUG(0, ("Could not convert domain name %s to unicode\n",
+ domain_name_pol));
+ return -1;
+ }
/* There should be actually query info level 3 (following nt serv behaviour),
but I still don't know if it's _really_ necessary */
@@ -4736,8 +4712,10 @@ static int rpc_trustdom_establish(int argc, const char **argv)
* Store the password in secrets db
*/
- if (!secrets_store_trusted_domain_password(domain_name, wks_info.uni_lan_grp.buffer,
- wks_info.uni_lan_grp.uni_str_len, opt_password,
+ if (!secrets_store_trusted_domain_password(domain_name,
+ uni_domain_name,
+ strlen_w(uni_domain_name)+1,
+ opt_password,
*domain_sid)) {
DEBUG(0, ("Storing password for trusted domain failed.\n"));
return -1;
@@ -4756,6 +4734,8 @@ static int rpc_trustdom_establish(int argc, const char **argv)
if (cli->nt_pipe_fnum[cli->pipe_idx])
cli_nt_session_close(cli);
+
+ cli_shutdown(cli);
talloc_destroy(mem_ctx);