From badb7fc0d21267110e39287c897c0f956f43bb16 Mon Sep 17 00:00:00 2001
From: Matthew Chapman
Date: Mon, 29 May 2000 01:23:48 +0000
Subject: Fixed LsaQueryInformationPolicy level 3 to return primary domain info. Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
---
source3/rpc_client/cli_lsarpc.c | 23 +++++++++++++++++++++++
source3/rpc_client/cli_netlogon.c | 9 ++++++++-
2 files changed, 31 insertions(+), 1 deletion(-)
(limited to 'source3/rpc_client')
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 34201ebc16..8362c1d172 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -379,3 +379,26 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
 return True;
 }
+
+/****************************************************************************
+obtain a server's SAM SID and save it in the secrets database
+****************************************************************************/
+
+BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server)
+{
+ fstring domain, key;
+ POLICY_HND pol;
+ DOM_SID sid;
+ BOOL res, res2, res3;
+
+ res = cli_nt_session_open(cli, PIPE_LSARPC);
+ res2 = res ? do_lsa_open_policy(cli, server, &pol, 0) : False;
+ res3 = res2 ? do_lsa_query_info_pol(cli, &pol, 5, domain, &sid) : False;
+
+ res3 = res3 ? secrets_store_domain_sid(domain, &sid) : False;
+
+ res2 = res2 ? do_lsa_close(cli, &pol) : False;
+ cli_nt_session_close(cli);
+
+ return res3;
+}
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ce4468d112..0043a1894e 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
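Review bot: In cli_lsa_get_domain_sid (cli_lsarpc.c), the `domain` name and `sid` filled in by do_lsa_query_info_pol go straight into `secrets_store_domain_sid(domain, &sid)`, so the remote server's reply decides both the key and the value written to the secrets database. I would have the caller pass the domain it is joining and refuse to store on a mismatch, for example `if (res3 && !strequal(domain, expected_domain)) res3 = False;`, where `expected_domain` is a placeholder for a new parameter that this hunk does not have. Separately, `key` is declared but never used, the result assigned in `res2 = res2 ? do_lsa_close(cli, &pol) : False;` is never read, and the literal `5` deserves a comment such as `/* info class 5: account domain name and SID */`. Note also that cli_nt_session_close(cli) runs even when cli_nt_session_open failed; whether that is harmless depends on code outside this hunk.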
@@ -579,7 +579,14 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
 * Ok - we have an anonymous connection to the IPC$ share.
 * Now start the NT Domain stuff :-).
 */
-
+
+ if(cli_lsa_get_domain_sid(&cli, remote_machine) == False) {
+ DEBUG(0,("modify_trust_password: unable to obtain domain sid from %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
+ cli_ulogoff(&cli);
+ cli_shutdown(&cli);
+ return False;
+ }
+
 if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
 DEBUG(0,("modify_trust_password: unable to open the domain client session to \
 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
-- cgit
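Review bot: The new cli_lsa_get_domain_sid call writes the SID to the secrets database before the NETLOGON session below is opened, and the comment just above it says the connection is still anonymous at this point, so a SID from an unauthenticated peer is persisted even if the later steps of modify_trust_password fail. Consider fetching the SID here but storing it only after the trust password exchange has succeeded. At minimum, document the ordering with a comment like `/* SID comes from an anonymous LSA query and is stored before the trust account is verified */`. The rest of modify_trust_password lies outside this hunk, so whether a later failure path removes the stored entry cannot be seen here.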