2007-09-19 12:45:35 +00:00
/*
Unix SMB / CIFS implementation .
RPC pipe client
Copyright ( C ) Tim Potter 2000 - 2001 ,
Copyright ( C ) Andrew Tridgell 1992 - 1997 , 2000 ,
Copyright ( C ) Rafal Szczesniak 2002
2005-09-30 17:13:37 +00:00
Copyright ( C ) Jeremy Allison 2005.
2007-09-20 09:15:26 +00:00
Copyright ( C ) Michael Adam 2007.
2007-09-19 12:45:35 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
2007-09-19 12:45:35 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2007-09-19 12:45:35 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
/** @defgroup lsa LSA - Local Security Architecture
* @ ingroup rpc_client
*
* @ {
* */
/**
* @ file cli_lsarpc . c
*
* RPC client routines for the LSA RPC pipe . LSA means " local
* security authority " , which is half of a password database.
* */
/** Open a LSA policy handle
*
* @ param cli Handle on an initialised SMB connection */
2005-06-08 22:10:34 +00:00
NTSTATUS rpccli_lsa_open_policy ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
2007-10-18 17:40:25 -07:00
bool sec_qos , uint32 des_access ,
2005-06-08 22:10:34 +00:00
POLICY_HND * pol )
{
2008-02-11 17:50:18 +01:00
struct lsa_ObjectAttribute attr ;
struct lsa_QosInfo qos ;
uint16_t system_name = ' \\ ' ;
if ( sec_qos ) {
2008-02-11 17:50:18 +01:00
init_lsa_sec_qos ( & qos , 0xc , 2 , 1 , 0 ) ;
init_lsa_obj_attr ( & attr ,
0x18 ,
NULL ,
NULL ,
0 ,
NULL ,
& qos ) ;
} else {
2008-02-11 17:50:18 +01:00
init_lsa_obj_attr ( & attr ,
0x18 ,
NULL ,
NULL ,
0 ,
NULL ,
NULL ) ;
}
2008-02-11 17:50:18 +01:00
return rpccli_lsa_OpenPolicy ( cli , mem_ctx ,
& system_name ,
& attr ,
des_access ,
pol ) ;
}
/** Open a LSA policy handle
*
2007-09-19 12:45:35 +00:00
* @ param cli Handle on an initialised SMB connection
*/
2005-06-08 22:10:34 +00:00
NTSTATUS rpccli_lsa_open_policy2 ( struct rpc_pipe_client * cli ,
2007-10-18 17:40:25 -07:00
TALLOC_CTX * mem_ctx , bool sec_qos ,
2005-06-08 22:10:34 +00:00
uint32 des_access , POLICY_HND * pol )
{
2008-02-11 17:50:18 +01:00
struct lsa_ObjectAttribute attr ;
struct lsa_QosInfo qos ;
2005-09-30 17:13:37 +00:00
char * srv_name_slash = talloc_asprintf ( mem_ctx , " \\ \\ %s " , cli - > cli - > desthost ) ;
if ( sec_qos ) {
2008-02-11 17:50:18 +01:00
init_lsa_sec_qos ( & qos , 0xc , 2 , 1 , 0 ) ;
init_lsa_obj_attr ( & attr ,
0x18 ,
NULL ,
NULL ,
0 ,
NULL ,
& qos ) ;
} else {
2008-02-11 17:50:18 +01:00
init_lsa_obj_attr ( & attr ,
0x18 ,
NULL ,
NULL ,
0 ,
NULL ,
NULL ) ;
}
2008-02-11 17:50:18 +01:00
return rpccli_lsa_OpenPolicy2 ( cli , mem_ctx ,
srv_name_slash ,
& attr ,
des_access ,
pol ) ;
}
2007-05-22 11:30:35 +00:00
/* Lookup a list of sids
*
2007-05-22 13:40:01 +00:00
* internal version withOUT memory allocation of the target arrays .
* this assumes suffciently sized arrays to store domains , names and types . */
2007-05-22 11:30:35 +00:00
static NTSTATUS rpccli_lsa_lookup_sids_noalloc ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
POLICY_HND * pol ,
int num_sids ,
const DOM_SID * sids ,
char * * domains ,
char * * names ,
2007-10-25 18:29:49 -07:00
enum lsa_SidType * types )
2007-05-22 11:30:35 +00:00
{
prs_struct qbuf , rbuf ;
LSA_Q_LOOKUP_SIDS q ;
LSA_R_LOOKUP_SIDS r ;
DOM_R_REF ref ;
NTSTATUS result = NT_STATUS_OK ;
2007-05-22 13:40:01 +00:00
TALLOC_CTX * tmp_ctx = NULL ;
2007-05-22 11:30:35 +00:00
int i ;
2007-05-22 13:40:01 +00:00
tmp_ctx = talloc_new ( mem_ctx ) ;
if ( ! tmp_ctx ) {
DEBUG ( 0 , ( " rpccli_lsa_lookup_sids_noalloc: out of memory! \n " ) ) ;
result = NT_STATUS_UNSUCCESSFUL ;
goto done ;
}
2007-05-22 11:30:35 +00:00
ZERO_STRUCT ( q ) ;
ZERO_STRUCT ( r ) ;
2007-05-22 13:40:01 +00:00
init_q_lookup_sids ( tmp_ctx , & q , pol , num_sids , sids , 1 ) ;
2007-05-22 11:30:35 +00:00
ZERO_STRUCT ( ref ) ;
r . dom_ref = & ref ;
2007-05-22 13:40:01 +00:00
CLI_DO_RPC ( cli , tmp_ctx , PI_LSARPC , LSA_LOOKUPSIDS ,
2007-05-22 11:30:35 +00:00
q , r ,
qbuf , rbuf ,
lsa_io_q_lookup_sids ,
lsa_io_r_lookup_sids ,
NT_STATUS_UNSUCCESSFUL ) ;
2007-09-19 12:05:47 +00:00
DEBUG ( 10 , ( " LSA_LOOKUPSIDS returned '%s', mapped count = %d' \n " ,
nt_errstr ( r . status ) , r . mapped_count ) ) ;
2007-05-22 11:30:35 +00:00
if ( ! NT_STATUS_IS_OK ( r . status ) & &
2007-09-19 12:03:02 +00:00
! NT_STATUS_EQUAL ( r . status , NT_STATUS_NONE_MAPPED ) & &
2007-09-19 12:45:35 +00:00
! NT_STATUS_EQUAL ( r . status , STATUS_SOME_UNMAPPED ) )
2007-05-22 11:30:35 +00:00
{
/* An actual error occured */
result = r . status ;
goto done ;
}
/* Return output parameters */
2007-09-19 12:03:02 +00:00
if ( NT_STATUS_EQUAL ( r . status , NT_STATUS_NONE_MAPPED ) | |
( r . mapped_count = = 0 ) )
{
2007-08-29 14:34:15 +00:00
for ( i = 0 ; i < num_sids ; i + + ) {
( names ) [ i ] = NULL ;
( domains ) [ i ] = NULL ;
( types ) [ i ] = SID_NAME_UNKNOWN ;
}
2007-05-22 11:30:35 +00:00
result = NT_STATUS_NONE_MAPPED ;
goto done ;
}
for ( i = 0 ; i < num_sids ; i + + ) {
fstring name , dom_name ;
2007-06-09 00:13:07 +00:00
uint32 dom_idx = r . names . name [ i ] . domain_idx ;
2007-05-22 11:30:35 +00:00
/* Translate optimised name through domain index array */
if ( dom_idx ! = 0xffffffff ) {
rpcstr_pull_unistr2_fstring (
dom_name , & ref . ref_dom [ dom_idx ] . uni_dom_name ) ;
rpcstr_pull_unistr2_fstring (
2007-06-09 00:13:07 +00:00
name , & r . names . uni_name [ i ] ) ;
2007-05-22 11:30:35 +00:00
( names ) [ i ] = talloc_strdup ( mem_ctx , name ) ;
( domains ) [ i ] = talloc_strdup ( mem_ctx , dom_name ) ;
2007-10-10 15:34:30 -05:00
( types ) [ i ] = r . names . name [ i ] . sid_name_use ;
2007-09-19 12:45:35 +00:00
2007-05-22 11:30:35 +00:00
if ( ( ( names ) [ i ] = = NULL ) | | ( ( domains ) [ i ] = = NULL ) ) {
2007-06-09 00:13:07 +00:00
DEBUG ( 0 , ( " cli_lsa_lookup_sids_noalloc(): out of memory \n " ) ) ;
2007-05-22 11:30:35 +00:00
result = NT_STATUS_UNSUCCESSFUL ;
goto done ;
}
} else {
2007-05-22 21:17:31 +00:00
( names ) [ i ] = NULL ;
( domains ) [ i ] = NULL ;
2007-05-22 11:30:35 +00:00
( types ) [ i ] = SID_NAME_UNKNOWN ;
}
}
2007-05-22 13:40:01 +00:00
done :
TALLOC_FREE ( tmp_ctx ) ;
2007-05-22 11:30:35 +00:00
return result ;
}
2007-09-19 12:45:35 +00:00
/* Lookup a list of sids
2007-05-22 11:30:35 +00:00
*
* do it the right way : there is a limit ( of 20480 for w2k3 ) entries
* returned by this call . when the sids list contains more entries ,
* empty lists are returned . This version of lsa_lookup_sids passes
* the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call . */
/* This constant defines the limit of how many sids to look up
* in one call ( maximum ) . the limit from the server side is
* at 20480 for win2k3 , but we keep it at a save 1000 for now . */
# define LOOKUP_SIDS_HUNK_SIZE 1000
2007-09-19 22:11:09 +00:00
NTSTATUS rpccli_lsa_lookup_sids ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
POLICY_HND * pol ,
int num_sids ,
const DOM_SID * sids ,
char * * * domains ,
char * * * names ,
2007-10-25 18:29:49 -07:00
enum lsa_SidType * * types )
2007-05-22 11:30:35 +00:00
{
NTSTATUS result = NT_STATUS_OK ;
int sids_left = 0 ;
int sids_processed = 0 ;
const DOM_SID * hunk_sids = sids ;
char * * hunk_domains = NULL ;
char * * hunk_names = NULL ;
2007-10-25 18:29:49 -07:00
enum lsa_SidType * hunk_types = NULL ;
2007-05-22 11:30:35 +00:00
if ( num_sids ) {
if ( ! ( ( * domains ) = TALLOC_ARRAY ( mem_ctx , char * , num_sids ) ) ) {
2007-09-19 22:11:09 +00:00
DEBUG ( 0 , ( " rpccli_lsa_lookup_sids(): out of memory \n " ) ) ;
2007-05-22 11:30:35 +00:00
result = NT_STATUS_NO_MEMORY ;
2007-09-19 11:01:44 +00:00
goto fail ;
2007-05-22 11:30:35 +00:00
}
if ( ! ( ( * names ) = TALLOC_ARRAY ( mem_ctx , char * , num_sids ) ) ) {
2007-09-19 22:11:09 +00:00
DEBUG ( 0 , ( " rpccli_lsa_lookup_sids(): out of memory \n " ) ) ;
2007-05-22 11:30:35 +00:00
result = NT_STATUS_NO_MEMORY ;
2007-09-19 11:01:44 +00:00
goto fail ;
2007-05-22 11:30:35 +00:00
}
if ( ! ( ( * types ) = TALLOC_ARRAY ( mem_ctx , enum lsa_SidType , num_sids ) ) ) {
2007-09-19 22:11:09 +00:00
DEBUG ( 0 , ( " rpccli_lsa_lookup_sids(): out of memory \n " ) ) ;
2007-05-22 11:30:35 +00:00
result = NT_STATUS_NO_MEMORY ;
2007-09-19 11:01:44 +00:00
goto fail ;
2007-05-22 11:30:35 +00:00
}
} else {
( * domains ) = NULL ;
( * names ) = NULL ;
( * types ) = NULL ;
}
2007-09-19 12:45:35 +00:00
2007-05-22 11:30:35 +00:00
sids_left = num_sids ;
hunk_domains = * domains ;
hunk_names = * names ;
hunk_types = * types ;
while ( sids_left > 0 ) {
int hunk_num_sids ;
NTSTATUS hunk_result = NT_STATUS_OK ;
2007-09-19 12:45:35 +00:00
hunk_num_sids = ( ( sids_left > LOOKUP_SIDS_HUNK_SIZE )
? LOOKUP_SIDS_HUNK_SIZE
2007-05-22 11:30:35 +00:00
: sids_left ) ;
2007-09-19 22:11:09 +00:00
DEBUG ( 10 , ( " rpccli_lsa_lookup_sids: processing items "
2007-09-19 12:45:35 +00:00
" %d -- %d of %d. \n " ,
sids_processed ,
2007-05-22 11:30:35 +00:00
sids_processed + hunk_num_sids - 1 ,
num_sids ) ) ;
2007-05-22 13:40:01 +00:00
hunk_result = rpccli_lsa_lookup_sids_noalloc ( cli ,
mem_ctx ,
2007-05-22 11:30:35 +00:00
pol ,
2007-09-19 12:45:35 +00:00
hunk_num_sids ,
2007-05-22 11:30:35 +00:00
hunk_sids ,
hunk_domains ,
hunk_names ,
hunk_types ) ;
if ( ! NT_STATUS_IS_OK ( hunk_result ) & &
! NT_STATUS_EQUAL ( hunk_result , STATUS_SOME_UNMAPPED ) & &
2007-09-19 12:45:35 +00:00
! NT_STATUS_EQUAL ( hunk_result , NT_STATUS_NONE_MAPPED ) )
2007-05-22 11:30:35 +00:00
{
/* An actual error occured */
2007-09-19 11:01:44 +00:00
result = hunk_result ;
goto fail ;
2007-05-22 11:30:35 +00:00
}
/* adapt overall result */
2007-09-19 12:45:35 +00:00
if ( ( NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_IS_OK ( hunk_result ) )
2007-05-22 11:30:35 +00:00
| |
( NT_STATUS_EQUAL ( result , NT_STATUS_NONE_MAPPED ) & &
! NT_STATUS_EQUAL ( hunk_result , NT_STATUS_NONE_MAPPED ) ) )
{
result = STATUS_SOME_UNMAPPED ;
}
sids_left - = hunk_num_sids ;
sids_processed + = hunk_num_sids ; /* only used in DEBUG */
hunk_sids + = hunk_num_sids ;
hunk_domains + = hunk_num_sids ;
hunk_names + = hunk_num_sids ;
hunk_types + = hunk_num_sids ;
}
2007-09-19 11:01:44 +00:00
return result ;
fail :
TALLOC_FREE ( * domains ) ;
TALLOC_FREE ( * names ) ;
TALLOC_FREE ( * types ) ;
2007-05-22 11:30:35 +00:00
return result ;
}
/** Lookup a list of names */
2005-06-08 22:10:34 +00:00
NTSTATUS rpccli_lsa_lookup_names ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
2007-09-19 12:45:35 +00:00
POLICY_HND * pol , int num_names ,
2006-02-03 22:19:41 +00:00
const char * * names ,
const char * * * dom_names ,
2007-06-27 11:42:17 +00:00
int level ,
2006-02-03 22:19:41 +00:00
DOM_SID * * sids ,
2007-10-25 18:29:49 -07:00
enum lsa_SidType * * types )
{
prs_struct qbuf , rbuf ;
LSA_Q_LOOKUP_NAMES q ;
LSA_R_LOOKUP_NAMES r ;
DOM_R_REF ref ;
NTSTATUS result ;
int i ;
2007-09-19 12:45:35 +00:00
ZERO_STRUCT ( q ) ;
ZERO_STRUCT ( r ) ;
ZERO_STRUCT ( ref ) ;
r . dom_ref = & ref ;
2007-06-27 11:42:17 +00:00
init_q_lookup_names ( mem_ctx , & q , pol , num_names , names , level ) ;
2005-09-30 17:13:37 +00:00
CLI_DO_RPC ( cli , mem_ctx , PI_LSARPC , LSA_LOOKUPNAMES ,
q , r ,
qbuf , rbuf ,
lsa_io_q_lookup_names ,
lsa_io_r_lookup_names ,
NT_STATUS_UNSUCCESSFUL ) ;
result = r . status ;
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) ) {
/* An actual error occured */
goto done ;
}
/* Return output parameters */
if ( r . mapped_count = = 0 ) {
result = NT_STATUS_NONE_MAPPED ;
goto done ;
}
2007-04-30 02:39:34 +00:00
if ( num_names ) {
if ( ! ( ( * sids = TALLOC_ARRAY ( mem_ctx , DOM_SID , num_names ) ) ) ) {
DEBUG ( 0 , ( " cli_lsa_lookup_sids(): out of memory \n " ) ) ;
result = NT_STATUS_NO_MEMORY ;
goto done ;
}
2007-10-25 18:29:49 -07:00
if ( ! ( ( * types = TALLOC_ARRAY ( mem_ctx , enum lsa_SidType , num_names ) ) ) ) {
2006-02-03 22:19:41 +00:00
DEBUG ( 0 , ( " cli_lsa_lookup_sids(): out of memory \n " ) ) ;
result = NT_STATUS_NO_MEMORY ;
goto done ;
}
2007-04-30 02:39:34 +00:00
if ( dom_names ! = NULL ) {
* dom_names = TALLOC_ARRAY ( mem_ctx , const char * , num_names ) ;
if ( * dom_names = = NULL ) {
DEBUG ( 0 , ( " cli_lsa_lookup_sids(): out of memory \n " ) ) ;
result = NT_STATUS_NO_MEMORY ;
goto done ;
}
}
} else {
* sids = NULL ;
* types = NULL ;
if ( dom_names ! = NULL ) {
* dom_names = NULL ;
}
2006-02-03 22:19:41 +00:00
}
for ( i = 0 ; i < num_names ; i + + ) {
2006-02-12 16:45:50 +00:00
DOM_RID * t_rids = r . dom_rid ;
uint32 dom_idx = t_rids [ i ] . rid_idx ;
uint32 dom_rid = t_rids [ i ] . rid ;
DOM_SID * sid = & ( * sids ) [ i ] ;
/* Translate optimised sid through domain index array */
2006-02-03 22:19:41 +00:00
if ( dom_idx = = 0xffffffff ) {
/* Nothing to do, this is unknown */
ZERO_STRUCTP ( sid ) ;
( * types ) [ i ] = SID_NAME_UNKNOWN ;
continue ;
}
2006-02-03 22:19:41 +00:00
sid_copy ( sid , & ref . ref_dom [ dom_idx ] . ref_dom . sid ) ;
2006-02-03 22:19:41 +00:00
if ( dom_rid ! = 0xffffffff ) {
sid_append_rid ( sid , dom_rid ) ;
}
2007-10-10 15:34:30 -05:00
( * types ) [ i ] = t_rids [ i ] . type ;
2006-02-03 22:19:41 +00:00
if ( dom_names = = NULL ) {
continue ;
}
2006-02-03 22:19:41 +00:00
( * dom_names ) [ i ] = rpcstr_pull_unistr2_talloc (
* dom_names , & ref . ref_dom [ dom_idx ] . uni_dom_name ) ;
}
done :
return result ;
}
#if 0
/** An example of how to use the routines in this file. Fetch a DOMAIN
sid . Does complete cli setup / teardown anonymously . */
2007-10-18 17:40:25 -07:00
bool fetch_domain_sid ( char * domain , char * remote_machine , DOM_SID * psid )
{
2007-10-10 15:34:30 -05:00
struct cli_state cli ;
NTSTATUS result ;
POLICY_HND lsa_pol ;
2007-10-18 17:40:25 -07:00
bool ret = False ;
2007-09-19 12:45:35 +00:00
ZERO_STRUCT ( cli ) ;
2007-10-10 15:34:30 -05:00
if ( cli_initialise ( & cli ) = = False ) {
DEBUG ( 0 , ( " fetch_domain_sid: unable to initialize client connection. \n " ) ) ;
return False ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! resolve_name ( remote_machine , & cli . dest_ip , 0x20 ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: Can't resolve address for %s \n " , remote_machine ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! cli_connect ( & cli , remote_machine , & cli . dest_ip ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: unable to connect to SMB server on \
2007-10-10 15:34:30 -05:00
machine % s . Error was : % s . \ n " , remote_machine, cli_errstr(&cli) ));
goto done ;
}
2007-11-20 17:18:16 -08:00
if ( ! attempt_netbios_session_request ( & cli , global_myname ( ) , remote_machine , & cli . dest_ip ) ) {
2007-09-19 12:45:35 +00:00
DEBUG ( 0 , ( " fetch_domain_sid: machine %s rejected the NetBIOS session request. \n " ,
remote_machine ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
cli . protocol = PROTOCOL_NT1 ;
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! cli_negprot ( & cli ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: machine %s rejected the negotiate protocol. \
2007-10-10 15:34:30 -05:00
Error was : % s . \ n " , remote_machine, cli_errstr(&cli) ));
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( cli . protocol ! = PROTOCOL_NT1 ) {
DEBUG ( 0 , ( " fetch_domain_sid: machine %s didn't negotiate NT protocol. \n " ,
remote_machine ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
/*
* Do an anonymous session setup .
*/
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! cli_session_setup ( & cli , " " , " " , 0 , " " , 0 , " " ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: machine %s rejected the session setup. \
2007-10-10 15:34:30 -05:00
Error was : % s . \ n " , remote_machine, cli_errstr(&cli) ));
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! ( cli . sec_mode & NEGOTIATE_SECURITY_USER_LEVEL ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: machine %s isn't in user level security mode \n " ,
remote_machine ) ) ;
goto done ;
}
2007-10-10 15:34:30 -05:00
if ( ! cli_send_tconX ( & cli , " IPC$ " , " IPC " , " " , 1 ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
2007-10-10 15:34:30 -05:00
Error was : % s . \ n " , remote_machine, cli_errstr(&cli) ));
goto done ;
}
/* Fetch domain sid */
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
if ( ! cli_nt_session_open ( & cli , PI_LSARPC ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: Error connecting to SAM pipe \n " ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
result = cli_lsa_open_policy ( & cli , cli . mem_ctx , True , SEC_RIGHTS_QUERY_VALUE , & lsa_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: Error opening lsa policy handle. %s \n " ,
nt_errstr ( result ) ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
2007-10-10 15:34:30 -05:00
result = cli_lsa_query_info_policy ( & cli , cli . mem_ctx , & lsa_pol , 5 , domain , psid ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " fetch_domain_sid: Error querying lsa policy handle. %s \n " ,
nt_errstr ( result ) ) ) ;
goto done ;
}
2007-09-19 12:45:35 +00:00
ret = True ;
done :
2007-10-10 15:34:30 -05:00
cli_shutdown ( & cli ) ;
return ret ;
}
# endif
