Added fetch_domain_sid. Not used in current code, but a nice example

of how to use this interface.
Jeremy.

diff --git a/source/libsmb/cli_lsarpc.c b/source/libsmb/cli_lsarpc.c
index 9526da94a869999c4502cbff7736d1276362b177..c528ff48a9e9411e138e615c743e8467b5e43f1b 100644 (file)
--- a/source/libsmb/cli_lsarpc.c
+++ b/source/libsmb/cli_lsarpc.c
@@ -988,5 +988,101 @@ NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx,
        return result;
 }
 
+/** Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */
 
+BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
+{
+       extern pstring global_myname;
+       struct cli_state cli;
+       NTSTATUS result;
+       POLICY_HND lsa_pol;
+       BOOL ret = False;
+ 
+       ZERO_STRUCT(cli);
+       if(cli_initialise(&cli) == False) {
+               DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
+               return False;
+       }
+ 
+       if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
+               DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
+               goto done;
+       }
+ 
+       if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
+               DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
+machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+               goto done;
+       }
+
+       if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
+               DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS \
+session request. Error was %s\n", remote_machine, cli_errstr(&cli) ));
+               goto done;
+       }
+ 
+       cli.protocol = PROTOCOL_NT1;
+ 
+       if (!cli_negprot(&cli)) {
+               DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+               goto done;
+       }
+ 
+       if (cli.protocol != PROTOCOL_NT1) {
+               DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
+                       remote_machine));
+               goto done;
+       }
+ 
+       /*
+        * Do an anonymous session setup.
+        */
+ 
+       if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
+               DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+               goto done;
+       }
+ 
+       if (!(cli.sec_mode & 1)) {
+               DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
+                       remote_machine));
+               goto done;
+       }
+
+       if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+               DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+               goto done;
+       }
+
+       /* Fetch domain sid */
+ 
+       if (!cli_nt_session_open(&cli, PIPE_LSARPC)) {
+               DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
+               goto done;
+       }
+ 
+       result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
+       if (!NT_STATUS_IS_OK(result)) {
+               DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
+                       get_nt_error_msg(result) ));
+               goto done;
+       }
+ 
+       result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
+       if (!NT_STATUS_IS_OK(result)) {
+               DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
+                       get_nt_error_msg(result) ));
+               goto done;
+       }
+ 
+       ret = True;
+
+  done:
+
+       cli_shutdown(&cli);
+       return ret;
+}
 /** @} **/