From 6a60668fe2e2c47f27716f238113b099da3859d7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 11 Dec 2001 03:03:45 +0000 Subject: SAMR query sec obj returns different results depending on which sam handle it is passed. Not sure what these different contexts are called or what they are used for. - if a rid is specified to samquerysecobj then use the sam user policy handle for that rid - if -d is specified then use the sam domain policy handle - otherwise just use the sam connect policy handle JF, any ideas about this? (This used to be commit 4ef50ef9f76219ea8acc29a1d740b31a1d7a1e04) --- source3/rpcclient/cmd_samr.c | 46 ++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) (limited to 'source3/rpcclient/cmd_samr.c') diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 4a748fab8d..c31127be4e 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1105,22 +1105,29 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { - POLICY_HND connect_pol, domain_pol, user_pol; + POLICY_HND connect_pol, domain_pol, user_pol, *pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 4; fstring server; - uint32 user_rid; + uint32 user_rid = 0; TALLOC_CTX *ctx = NULL; SEC_DESC_BUF *sec_desc_buf=NULL; + BOOL domain = False; ctx=talloc_init(); - if (argc != 2) { - printf("Usage: %s rid\n", argv[0]); + if (argc > 2) { + printf("Usage: %s [rid|-d]\n", argv[0]); + printf("\tSpecify rid for security on user, -d for security on domain\n"); return NT_STATUS_OK; } - sscanf(argv[1], "%i", &user_rid); + if (argc == 2) { + if (strcmp(argv[1], "-d") == 0) + domain = True; + else + sscanf(argv[1], "%i", &user_rid); + } slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper (server); @@ -1130,21 +1137,36 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, &domain_pol); + if (domain || user_rid) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_open_user(cli, mem_ctx, &domain_pol, - MAXIMUM_ALLOWED_ACCESS, - user_rid, &user_pol); + if (user_rid) + result = cli_samr_open_user(cli, mem_ctx, &domain_pol, + MAXIMUM_ALLOWED_ACCESS, + user_rid, &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_samr_query_sec_obj(cli, mem_ctx, &user_pol, info_level, ctx, &sec_desc_buf); + /* Pick which query pol to use */ + + pol = &connect_pol; + + if (domain) + pol = &domain_pol; + + if (user_rid) + pol = &user_pol; + + /* Query SAM security object */ + + result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx, + &sec_desc_buf); if (!NT_STATUS_IS_OK(result)) goto done; -- cgit