2 files changed, 31 insertions, 1 deletions

diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 34201ebc16..8362c1d172 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -379,3 +379,26 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
 
 	return True;
 }
+
+/****************************************************************************
+obtain a server's SAM SID and save it in the secrets database
+****************************************************************************/
+
+BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server)
+{
+	fstring domain, key;
+	POLICY_HND pol;
+	DOM_SID sid;
+	BOOL res, res2, res3;
+
+	res = cli_nt_session_open(cli, PIPE_LSARPC);
+	res2 = res ? do_lsa_open_policy(cli, server, &pol, 0) : False;
+	res3 = res2 ? do_lsa_query_info_pol(cli, &pol, 5, domain, &sid) : False;
+
+	res3 = res3 ? secrets_store_domain_sid(domain, &sid) : False;
+
+	res2 = res2 ? do_lsa_close(cli, &pol) : False;
+	cli_nt_session_close(cli);
+	
+	return res3;
+}
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ce4468d112..0043a1894e 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -579,7 +579,14 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
    * Ok - we have an anonymous connection to the IPC$ share.
    * Now start the NT Domain stuff :-).
    */
-    
+
+  if(cli_lsa_get_domain_sid(&cli, remote_machine) == False) {
+    DEBUG(0,("modify_trust_password: unable to obtain domain sid from %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
+    cli_ulogoff(&cli);
+    cli_shutdown(&cli);
+    return False;
+  }
+
   if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
     DEBUG(0,("modify_trust_password: unable to open the domain client session to \
 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));