mirror of
https://github.com/samba-team/samba.git
synced 2025-08-28 09:49:30 +03:00
s3:rpc_client: Implement createtrustdomex3 command
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
committed by
Andrew Bartlett
parent
bb4d8de9a8
commit
56e1051ad7
@ -2540,6 +2540,120 @@ static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS cmd_lsa_create_trusted_domain_ex3(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
struct dcerpc_binding_handle *b = cli->binding_handle;
|
||||
struct policy_handle handle = {
|
||||
.handle_type = 0,
|
||||
};
|
||||
struct policy_handle trustdom_handle = {
|
||||
.handle_type = 0,
|
||||
};
|
||||
struct dom_sid sid = {
|
||||
.num_auths = 0,
|
||||
};
|
||||
union lsa_revision_info out_revision_info = {
|
||||
.info1 = {
|
||||
.revision = 0,
|
||||
},
|
||||
};
|
||||
struct lsa_TrustDomainInfoAuthInfoInternalAES *authinfo_internal = NULL;
|
||||
struct lsa_TrustDomainInfoInfoEx trustinfo = {
|
||||
.trust_attributes = 0,
|
||||
};
|
||||
uint32_t out_version = 0;
|
||||
NTSTATUS status;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
DATA_BLOB session_key = {
|
||||
.length = 0,
|
||||
};
|
||||
bool ok;
|
||||
|
||||
if (argc < 7) {
|
||||
printf("Usage: %s trust_name trust_dns_name trust_sid "
|
||||
"trust_directrion trust_type "
|
||||
"incoming_trustpw outgoing_trustpw\n",
|
||||
argv[0]);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
status = cli_get_session_key(mem_ctx, cli, &session_key);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DBG_ERR("Could not retrieve session key: %s\n",
|
||||
nt_errstr(status));
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = dcerpc_lsa_open_policy_fallback(b,
|
||||
mem_ctx,
|
||||
cli->srv_name_slash,
|
||||
true,
|
||||
SEC_FLAG_MAXIMUM_ALLOWED,
|
||||
&out_version,
|
||||
&out_revision_info,
|
||||
&handle,
|
||||
&result);
|
||||
if (any_nt_status_not_ok(status, result, &status)) {
|
||||
DBG_ERR("Could not open LSA connection: %s\n",
|
||||
nt_errstr(status));
|
||||
return status;
|
||||
}
|
||||
|
||||
init_lsa_StringLarge(&trustinfo.netbios_name, argv[1]);
|
||||
init_lsa_StringLarge(&trustinfo.domain_name, argv[2]);
|
||||
|
||||
ok = string_to_sid(&sid, argv[3]);
|
||||
if (!ok) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
DBG_ERR("Could not convert SID: %s\n", nt_errstr(status));
|
||||
goto done;
|
||||
}
|
||||
trustinfo.sid = &sid;
|
||||
|
||||
trustinfo.trust_direction = atoi(argv[4]);
|
||||
trustinfo.trust_type = atoi(argv[5]);
|
||||
|
||||
ok = rpc_lsa_encrypt_trustdom_info_aes(mem_ctx,
|
||||
argv[6],
|
||||
argv[6],
|
||||
argv[7],
|
||||
argv[7],
|
||||
session_key,
|
||||
&authinfo_internal);
|
||||
if (!ok) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
DBG_ERR("Could not encrypt trust information: %s\n",
|
||||
nt_errstr(status));
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = dcerpc_lsa_CreateTrustedDomainEx3(b,
|
||||
mem_ctx,
|
||||
&handle,
|
||||
&trustinfo,
|
||||
authinfo_internal,
|
||||
SEC_FLAG_MAXIMUM_ALLOWED,
|
||||
&trustdom_handle,
|
||||
&result);
|
||||
if (any_nt_status_not_ok(status, result, &status)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
if (is_valid_policy_hnd(&trustdom_handle)) {
|
||||
dcerpc_lsa_Close(b, mem_ctx, &trustdom_handle, &result);
|
||||
}
|
||||
|
||||
if (is_valid_policy_hnd(&handle)) {
|
||||
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS cmd_lsa_create_trusted_domain_ex2(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
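Review bot: The argument guard `if (argc < 7)` in cmd_lsa_create_trusted_domain_ex3 is off by one. The usage text names seven positional arguments and the later rpc_lsa_encrypt_trustdom_info_aes() call reads `argv[7]` as the outgoing trust password, so a call with only six arguments passes the guard and hands the helper an `argv[7]` that is NULL or past the end of the array, depending on how the caller builds argv (not visible in this hunk). The check should be `if (argc < 8) {`, and the usage string's `"trust_directrion trust_type "` should read `"trust_direction trust_type "`. Separately, `trust_direction` and `trust_type` are taken from `atoi()` without validation, so non-numeric input silently becomes 0 and is sent to the server. The session key from cli_get_session_key() is also never wiped on the `done:` path; if mem_ctx outlives the command, `data_blob_clear_free(&session_key);` there would keep the key material from lingering in memory.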
@ -3108,6 +3222,16 @@ struct cmd_set lsarpc_commands[] = {
|
||||
.description = "Create Trusted Domain (Ex2 Variant)",
|
||||
.usage = "",
|
||||
},
|
||||
{
|
||||
.name = "createtrustdomex3",
|
||||
.returntype = RPC_RTYPE_NTSTATUS,
|
||||
.ntfn = cmd_lsa_create_trusted_domain_ex3,
|
||||
.wfn = NULL,
|
||||
.table = &ndr_table_lsarpc,
|
||||
.rpc_pipe = NULL,
|
||||
.description = "Create Trusted Domain (Ex3 Variant)",
|
||||
.usage = "",
|
||||
},
|
||||
{
|
||||
.name = "deletetrustdom",
|
||||
.returntype = RPC_RTYPE_NTSTATUS,
|
||||
|