Changeset 745 for trunk/server/source3/libsmb/trusts_util.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/libsmb/trusts_util.c
r414 r745 21 21 #include "includes.h" 22 22 #include "../libcli/auth/libcli_auth.h" 23 #include "../librpc/gen_ndr/cli_lsa.h" 23 #include "../librpc/gen_ndr/ndr_lsa_c.h" 24 #include "rpc_client/cli_lsarpc.h" 25 #include "rpc_client/cli_netlogon.h" 26 #include "rpc_client/cli_pipe.h" 27 #include "../librpc/gen_ndr/ndr_netlogon.h" 28 #include "secrets.h" 29 #include "passdb.h" 30 #include "libsmb/libsmb.h" 24 31 25 32 /********************************************************* … … 136 143 bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, 137 144 char ***domain_names, uint32 *num_domains, 138 DOM_SID**sids )145 struct dom_sid **sids ) 139 146 { 140 147 struct policy_handle pol; 141 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;148 NTSTATUS status, result; 142 149 fstring dc_name; 143 150 struct sockaddr_storage dc_ss; … … 145 152 struct cli_state *cli = NULL; 146 153 struct rpc_pipe_client *lsa_pipe = NULL; 147 bool retry;148 154 struct lsa_DomainList dom_list; 149 155 int i; 156 struct dcerpc_binding_handle *b = NULL; 150 157 151 158 *domain_names = NULL; … … 163 170 /* setup the anonymous connection */ 164 171 165 result= cli_full_connection( &cli, global_myname(), dc_name, &dc_ss, 0, "IPC$", "IPC",166 "", "", "", 0, Undefined , &retry);167 if ( !NT_STATUS_IS_OK( result) )172 status = cli_full_connection( &cli, global_myname(), dc_name, &dc_ss, 0, "IPC$", "IPC", 173 "", "", "", 0, Undefined); 174 if ( !NT_STATUS_IS_OK(status) ) 168 175 goto done; 169 176 170 177 /* open the LSARPC_PIPE */ 171 178 172 result= cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,179 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, 173 180 &lsa_pipe); 174 if (!NT_STATUS_IS_OK(result)) { 175 goto done; 176 } 181 if (!NT_STATUS_IS_OK(status)) { 182 goto done; 183 } 184 185 b = lsa_pipe->binding_handle; 177 186 178 187 /* get a handle */ 179 188 180 result= rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,189 status = rpccli_lsa_open_policy(lsa_pipe, 
mem_ctx, True, 181 190 LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol); 182 if ( !NT_STATUS_IS_OK( result) )191 if ( !NT_STATUS_IS_OK(status) ) 183 192 goto done; 184 193 185 194 /* Lookup list of trusted domains */ 186 195 187 result = rpccli_lsa_EnumTrustDom(lsa_pipe, mem_ctx,196 status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, 188 197 &pol, 189 198 &enum_ctx, 190 199 &dom_list, 191 (uint32_t)-1); 192 if ( !NT_STATUS_IS_OK(result) ) 193 goto done; 200 (uint32_t)-1, 201 &result); 202 if ( !NT_STATUS_IS_OK(status) ) 203 goto done; 204 if (!NT_STATUS_IS_OK(result)) { 205 status = result; 206 goto done; 207 } 194 208 195 209 *num_domains = dom_list.count; … … 197 211 *domain_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_domains); 198 212 if (!*domain_names) { 199 result= NT_STATUS_NO_MEMORY;200 goto done; 201 } 202 203 *sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, *num_domains);213 status = NT_STATUS_NO_MEMORY; 214 goto done; 215 } 216 217 *sids = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, *num_domains); 204 218 if (!*sids) { 205 result= NT_STATUS_NO_MEMORY;219 status = NT_STATUS_NO_MEMORY; 206 220 goto done; 207 221 } … … 219 233 } 220 234 221 return NT_STATUS_IS_OK( result);235 return NT_STATUS_IS_OK(status); 222 236 } 237 238 NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) 239 { 240 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 241 struct sockaddr_storage pdc_ss; 242 fstring dc_name; 243 struct cli_state *cli = NULL; 244 struct rpc_pipe_client *netlogon_pipe = NULL; 245 246 DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", 247 domain)); 248 249 if (remote_machine == NULL || !strcmp(remote_machine, "*")) { 250 /* Use the PDC *only* for this */ 251 252 if ( !get_pdc_ip(domain, &pdc_ss) ) { 253 DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); 254 goto failed; 255 } 256 257 if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) 258 goto failed; 259 } else { 260 /* 
supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ 261 fstrcpy( dc_name, remote_machine ); 262 } 263 264 /* if this next call fails, then give up. We can't do 265 password changes on BDC's --jerry */ 266 267 if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, 268 NULL, 0, 269 "IPC$", "IPC", 270 "", "", 271 "", 0, Undefined))) { 272 DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); 273 nt_status = NT_STATUS_UNSUCCESSFUL; 274 goto failed; 275 } 276 277 /* 278 * Ok - we have an anonymous connection to the IPC$ share. 279 * Now start the NT Domain stuff :-). 280 */ 281 282 /* Shouldn't we open this with schannel ? JRA. */ 283 284 nt_status = cli_rpc_pipe_open_noauth( 285 cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); 286 if (!NT_STATUS_IS_OK(nt_status)) { 287 DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", 288 dc_name, nt_errstr(nt_status))); 289 cli_shutdown(cli); 290 cli = NULL; 291 goto failed; 292 } 293 294 nt_status = trust_pw_find_change_and_store_it( 295 netlogon_pipe, netlogon_pipe, domain); 296 297 cli_shutdown(cli); 298 cli = NULL; 299 300 failed: 301 if (!NT_STATUS_IS_OK(nt_status)) { 302 DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", 303 current_timestring(talloc_tos(), False), domain)); 304 } 305 else 306 DEBUG(5,("change_trust_account_password: sucess!\n")); 307 308 return nt_status; 309 }
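Review bot: In the added change_trust_account_password(), the netlogon pipe that carries the trust password change is opened with cli_rpc_pipe_open_noauth() on an anonymous IPC$ session, and the in-code question `/* Shouldn't we open this with schannel ? JRA. */` is left unanswered. Any protection of the exchange then has to come from inside trust_pw_find_change_and_store_it(), which is not visible on this page; either open the pipe over an authenticated, integrity-protected binding or replace the question with a comment stating why transport-level protection is not required here. In the `remote_machine` branch `dc_name` is copied straight from the caller, so the same applies to a server that was not located through get_pdc_ip(). Separately, the cli_full_connection() failure path discards the returned status and substitutes NT_STATUS_UNSUCCESSFUL; `nt_status = cli_full_connection(...); if (!NT_STATUS_IS_OK(nt_status)) {` would keep the real error for the caller, and the two DEBUG messages prefixed `modify_trust_password:` should name the current function so log searches find them.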