From 00478b0559023d6e54e07053cb21c6e6e6936f35 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Jan 2011 17:25:02 +0100 Subject: s3-net: prefer dcerpc_lsa_X functions in "net rpc". Guenther --- source3/utils/net_rpc.c | 155 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 113 insertions(+), 42 deletions(-) (limited to 'source3/utils/net_rpc.c') diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 9a2e9c914d..7481c43ea0 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -26,7 +26,7 @@ #include "../librpc/gen_ndr/ndr_samr_c.h" #include "rpc_client/cli_samr.h" #include "rpc_client/init_samr.h" -#include "../librpc/gen_ndr/cli_lsa.h" +#include "../librpc/gen_ndr/ndr_lsa_c.h" #include "rpc_client/cli_lsarpc.h" #include "../librpc/gen_ndr/ndr_netlogon_c.h" #include "../librpc/gen_ndr/ndr_srvsvc_c.h" @@ -72,30 +72,40 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, { struct rpc_pipe_client *lsa_pipe = NULL; struct policy_handle pol; - NTSTATUS result = NT_STATUS_OK; + NTSTATUS status, result; union lsa_PolicyInformation *info = NULL; + struct dcerpc_binding_handle *b; - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, &lsa_pipe); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not initialise lsa pipe\n")); - return result; + return status; } - result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false, + b = lsa_pipe->binding_handle; + + status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false, SEC_FLAG_MAXIMUM_ALLOWED, &pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "open_policy %s: %s\n", _("failed"), - nt_errstr(result)); - return result; + nt_errstr(status)); + return status; } - result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, + status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, &pol, LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info); + &info, + &result); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "lsaquery %s: %s\n", + _("failed"), + nt_errstr(status)); + return status; + } if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "lsaquery %s: %s\n", _("failed"), @@ -106,7 +116,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, *domain_name = info->account_domain.name.string; *domain_sid = info->account_domain.sid; - rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); + dcerpc_lsa_Close(b, mem_ctx, &pol, &result); TALLOC_FREE(lsa_pipe); return NT_STATUS_OK; @@ -1929,37 +1939,40 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, enum lsa_SidType *types = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct policy_handle lsa_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS status, result; + struct dcerpc_binding_handle *b; - result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status)) { goto done; } - result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false, + b = pipe_hnd->binding_handle; + + status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false, SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(status)) { goto done; } - result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1, + status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1, &name, NULL, 1, &sids, &types); - if (NT_STATUS_IS_OK(result)) { + if (NT_STATUS_IS_OK(status)) { sid_copy(sid, &sids[0]); *type = types[0]; } - rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); + dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result); done: if (pipe_hnd) { TALLOC_FREE(pipe_hnd); } - if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) { + if (!NT_STATUS_IS_OK(status) && (StrnCaseCmp(name, "S-", 2) == 0)) { /* Try as S-1-5-whatever */ @@ -1968,11 +1981,11 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli, if (string_to_sid(&tmp_sid, name)) { sid_copy(sid, &tmp_sid); *type = SID_NAME_UNKNOWN; - result = NT_STATUS_OK; + status = NT_STATUS_OK; } } - return result; + return status; } static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd, @@ -4411,6 +4424,7 @@ static NTSTATUS rpc_aliaslist_dump(struct net_context *c, int i; NTSTATUS result; struct policy_handle lsa_pol; + struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, @@ -4455,7 +4469,7 @@ static NTSTATUS rpc_aliaslist_dump(struct net_context *c, DEBUG(1, ("\n")); } - rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); + dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result); return NT_STATUS_OK; } @@ -6178,13 +6192,14 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, struct rpc_pipe_client *pipe_hnd = NULL; struct policy_handle connect_hnd; TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; + NTSTATUS nt_status, result; struct dom_sid *domain_sid; char* domain_name; char* acct_name; fstring pdc_name; union lsa_PolicyInformation *info = NULL; + struct dcerpc_binding_handle *b; /* * Connect to \\server\ipc$ as 'our domain' account with password @@ -6278,6 +6293,8 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, return -1; } + b = pipe_hnd->binding_handle; + nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE, &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { @@ -6290,10 +6307,11 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, /* Querying info level 5 */ - nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, &connect_hnd, LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info); + &info, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); @@ -6301,6 +6319,13 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, talloc_destroy(mem_ctx); return -1; } + if (NT_STATUS_IS_ERR(result)) { + DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", + nt_errstr(result))); + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } domain_sid = info->account_domain.sid; @@ -6322,7 +6347,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Close the pipes and clean up */ - nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd); + nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n", nt_errstr(nt_status))); @@ -6414,23 +6439,31 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, struct dom_sid dom_sid, const char *trusted_dom_name) { - NTSTATUS nt_status; + NTSTATUS nt_status, result; union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; uint8_t session_key[16]; DATA_BLOB session_key_blob; DATA_BLOB data = data_blob_null; + struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; - nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_QueryTrustedDomainInfoBySid(b, mem_ctx, pol, &dom_sid, LSA_TRUSTED_DOMAIN_INFO_PASSWORD, - &info); + &info, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0,("Could not query trusted domain info. Error was %s\n", nt_errstr(nt_status))); goto done; } + if (NT_STATUS_IS_ERR(result)) { + nt_status = result; + DEBUG(0,("Could not query trusted domain info. Error was %s\n", + nt_errstr(result))); + goto done; + } data = data_blob(info->password.password->data, info->password.password->length); @@ -6475,7 +6508,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, TALLOC_CTX* mem_ctx; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - NTSTATUS nt_status; + NTSTATUS nt_status, result; const char *domain_name = NULL; struct dom_sid *queried_dom_sid; struct policy_handle connect_hnd; @@ -6486,6 +6519,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, int i; struct lsa_DomainList dom_list; fstring pdc_name; + struct dcerpc_binding_handle *b; if (c->display_usage) { d_printf( "%s\n" @@ -6535,6 +6569,8 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, return -1; }; + b = pipe_hnd->binding_handle; + nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE, &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { @@ -6546,10 +6582,11 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, }; /* query info level 5 to obtain sid of a domain being queried */ - nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, &connect_hnd, LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info); + &info, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", @@ -6558,6 +6595,13 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, talloc_destroy(mem_ctx); return -1; } + if (NT_STATUS_IS_ERR(result)) { + DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", + nt_errstr(result))); + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } queried_dom_sid = info->account_domain.sid; @@ -6569,11 +6613,12 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, d_printf(_("Vampire trusted domains:\n\n")); do { - nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, &connect_hnd, &enum_ctx, &dom_list, - (uint32_t)-1); + (uint32_t)-1, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -6581,6 +6626,15 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, talloc_destroy(mem_ctx); return -1; }; + if (NT_STATUS_IS_ERR(result)) { + nt_status = result; + DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", + nt_errstr(result))); + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + }; + for (i = 0; i < dom_list.count; i++) { @@ -6606,7 +6660,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); /* close this connection before doing next one */ - nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd); + nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n", nt_errstr(nt_status))); @@ -6706,10 +6760,11 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) }; /* query info level 5 to obtain sid of a domain being queried */ - nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, &connect_hnd, LSA_POLICY_INFO_ACCOUNT_DOMAIN, - &info); + &info, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", @@ -6718,6 +6773,13 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) talloc_destroy(mem_ctx); return -1; } + if (NT_STATUS_IS_ERR(result)) { + DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", + nt_errstr(result))); + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } queried_dom_sid = info->account_domain.sid; @@ -6731,11 +6793,12 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) found_domain = false; do { - nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx, + nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, &connect_hnd, &enum_ctx, &dom_list, - (uint32_t)-1); + (uint32_t)-1, + &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); @@ -6743,6 +6806,14 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) talloc_destroy(mem_ctx); return -1; }; + if (NT_STATUS_IS_ERR(result)) { + DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", + nt_errstr(result))); + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + }; + for (i = 0; i < dom_list.count; i++) { print_trusted_domain(dom_list.domains[i].sid, @@ -6762,7 +6833,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) } /* close this connection before doing next one */ - nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd); + nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n", nt_errstr(nt_status))); -- cgit