r5910: Partial fix for bug 2438. I'll leave the debug message in place, that fix is a

bit more effort.

The real fix for this would be to open an schannel netlogon connection to the
remote DC and change the trust account password...

Volker
(This used to be commit ab8991c384d81d32ac13f89592e8b35208127b32)

1 files changed, 16 insertions, 36 deletions

diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 27cc2a0918..269a7f60af 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4594,7 +4594,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS nt_status;
 	DOM_SID *domain_sid;
-	WKS_INFO_100 wks_info;
+	smb_ucs2_t *uni_domain_name;
 	
 	char* domain_name;
 	char* domain_name_pol;
@@ -4663,44 +4663,17 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 			 for domain %s\n", domain_name));
 	}
 	 
-	/*
-	 * Call WksQueryInfo to check remote server's capabilities
-	 * note: It is now used only to get unicode domain name
-	 */
-	
-	if (!cli_nt_session_open(cli, PI_WKSSVC)) {
-		DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
-		return -1;
-	}
-
-	if (!(mem_ctx = talloc_init("establishing trust relationship to domain %s",
-	                domain_name))) {
+	if (!(mem_ctx = talloc_init("establishing trust relationship to "
+				    "domain %s", domain_name))) {
 		DEBUG(0, ("talloc_init() failed\n"));
 		cli_shutdown(cli);
 		return -1;
 	}
 	
-   	nt_status = cli_wks_query_info(cli, mem_ctx, &wks_info);
-	
-	if (NT_STATUS_IS_ERR(nt_status)) {
-		DEBUG(0, ("WksQueryInfo call failed.\n"));
-		return -1;
-	}
-
-	if (cli->nt_pipe_fnum[cli->pipe_idx])
-		cli_nt_session_close(cli);
-
-
 	/*
 	 * Call LsaOpenPolicy and LsaQueryInfo
 	 */
 	 
-	if (!(mem_ctx = talloc_init("rpc_trustdom_establish"))) {
-		DEBUG(0, ("talloc_init() failed\n"));
-		cli_shutdown(cli);
-		return -1;
-	}
-
 	if (!cli_nt_session_open(cli, PI_LSARPC)) {
 		DEBUG(0, ("Could not initialise lsa pipe\n"));
 		cli_shutdown(cli);
@@ -4718,16 +4691,19 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 	/* Querying info level 5 */
 	
 	nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
-	                                      5 /* info level */, &domain_name_pol,
-	                                      &domain_sid);
+	                                      5 /* info level */,
+					      &domain_name_pol, &domain_sid);
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
 			nt_errstr(nt_status)));
 		return -1;
 	}
 
-
-
+	if (push_ucs2_talloc(mem_ctx, &uni_domain_name, domain_name_pol) < 0) {
+		DEBUG(0, ("Could not convert domain name %s to unicode\n",
+			  domain_name_pol));
+		return -1;
+	}
 
 	/* There should be actually query info level 3 (following nt serv behaviour),
 	   but I still don't know if it's _really_ necessary */
@@ -4736,8 +4712,10 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 	 * Store the password in secrets db
 	 */
 
-	if (!secrets_store_trusted_domain_password(domain_name, wks_info.uni_lan_grp.buffer,
-						   wks_info.uni_lan_grp.uni_str_len, opt_password,
+	if (!secrets_store_trusted_domain_password(domain_name,
+						   uni_domain_name,
+						   strlen_w(uni_domain_name)+1,
+						   opt_password,
 						   *domain_sid)) {
 		DEBUG(0, ("Storing password for trusted domain failed.\n"));
 		return -1;
@@ -4756,6 +4734,8 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 
 	if (cli->nt_pipe_fnum[cli->pipe_idx])
 		cli_nt_session_close(cli);
+
+	cli_shutdown(cli);
 	 
 	talloc_destroy(mem_ctx);