author | Volker Lendecke <vl@samba.org> | 2019-09-27 19:20:17 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-10-03 16:39:31 +0000 |
commit | cb0b54d9acb4a0021a09f90299fec1bad3b63107 (patch) | |
tree | c71355143e090fd6b464536015b5476ed09d538c /source3/rpcclient | |
parent | dd108a171fe807b67fe8186cf96af18836bea451 (diff) | |
download | samba-cb0b54d9acb4a0021a09f90299fec1bad3b63107.tar.gz |
rpcclient: Make cmd_samr.c independent of global domain_sid
Pure SAMR allows us to figure out the domain sid, we don't need LSA
for this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/rpcclient')
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 83 |
1 files changed, 75 insertions, 8 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index cbcffa2532c..932688d7113 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -32,7 +32,7 @@
 #include "rpc_client/init_lsa.h"
 #include "../libcli/security/security.h"
-extern struct dom_sid domain_sid;
+static struct dom_sid domain_sid;
 /****************************************************************************
 display samr_user_info_7 structure
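Review bot: The now file-local `domain_sid` carries no comment saying when it holds a valid value; judging from the second hunk it is only filled in by `rpccli_try_samr_connects()` after a successful lookup and is null until then. A short comment on the declaration would make that contract visible, e.g. `/* Server's domain SID, looked up via SAMR on the first successful rpccli_try_samr_connects(); null until then */`. Any command in this file that reads `domain_sid` without going through that helper first would presumably see the null SID, which is worth checking since those callers are outside the hunk.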
@@ -276,20 +276,87 @@ static NTSTATUS rpccli_try_samr_connects(
 uint32_t access_mask,
 struct policy_handle *connect_pol)
 {
+ struct dcerpc_binding_handle *b = cli->binding_handle;
 NTSTATUS status;
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32_t start_idx = 0;
+ uint32_t i, num_entries;
+ struct samr_SamArray *sam = NULL;
+ struct dom_sid *domsid = NULL;
- status = dcerpc_try_samr_connects(cli->binding_handle,
- mem_ctx,
- cli->srv_name_slash,
- access_mask,
- connect_pol,
- &result);
+ status = dcerpc_try_samr_connects(
+ b,
+ mem_ctx,
+ cli->srv_name_slash,
+ access_mask,
+ connect_pol,
+ &result);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
- return result;
+ if (!is_null_sid(&domain_sid)) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * Look up the servers domain SID. Just pick the first
+ * non-builtin domain from samr_EnumDomains.
+ */
+
+ status = dcerpc_samr_EnumDomains(
+ b,
+ mem_ctx,
+ connect_pol,
+ &start_idx,
+ &sam,
+ 0xffff,
+ &num_entries,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto fail;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ if (!strequal(sam->entries[i].name.string, "builtin")) {
+ break;
+ }
+ }
+ if (i == num_entries) {
+ status = NT_STATUS_NOT_FOUND;
+ goto fail;
+ }
+
+ status = dcerpc_samr_LookupDomain(
+ b,
+ mem_ctx,
+ connect_pol,
+ &sam->entries[i].name,
+ &domsid,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto fail;
+ }
+
+ sid_copy(&domain_sid, domsid);
+ TALLOC_FREE(domsid);
+
+ return NT_STATUS_OK;
+
+fail:
+ dcerpc_samr_Close(b, mem_ctx, connect_pol, &result);
+ return status;
 }
 /**************************************************************************** |
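Review bot: The walk over `sam->entries` is bounded by `num_entries`, which the server returns separately from the array, and `sam` is dereferenced without a NULL check, so a malformed EnumDomains reply could make this client read past the unmarshalled array or through a NULL pointer (assuming the usual samr_SamArray layout with its own `count` field). Bounding the loop and the not-found test with `sam->count` after `if (sam == NULL) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto fail; }` keeps the walk inside what was actually received. The same concern applies to `domsid` before `sid_copy(&domain_sid, domsid)`: a LookupDomain reply that reports success but carries a NULL SID pointer would be dereferenced there. The function's signature starts above the hunk, so how `cli` and `connect_pol` are validated is not visible here.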