From 8360695fc02dfb09aff92a434bf9d411e65c478c Mon Sep 17 00:00:00 2001
From: Jim McDonough
Date: Mon, 28 Feb 2005 10:55:13 +0000
Subject: [PATCH] r5591: Implement "net rpc trustdom del", including client side of samr_remove_sid_from_foreign_domain.
---
 source/rpc_client/cli_samr.c | 48 ++++++++++++++
 source/rpcclient/cmd_lsarpc.c | 11 ++--
 source/rpcclient/rpcclient.c | 4 +-
 source/utils/net_rpc.c | 119 ++++++++++++++++++++++++++++++++--
 4 files changed, 170 insertions(+), 12 deletions(-)
diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c
index 5473168c0f..75751dbcbd 100644
--- a/source/rpc_client/cli_samr.c
+++ b/source/rpc_client/cli_samr.c
@@ -2051,6 +2051,54 @@ NTSTATUS cli_samr_delete_dom_user(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 return result;
 }
+/* Remove foreign SID */
+
+NTSTATUS cli_samr_remove_sid_foreign_domain(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *user_pol,
+ DOM_SID *sid)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN q;
+ SAMR_R_REMOVE_SID_FOREIGN_DOMAIN r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(10,("cli_samr_remove_sid_foreign_domain\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_remove_sid_foreign_domain(&q, user_pol, sid);
+
+ if (!samr_io_q_remove_sid_foreign_domain("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, PI_SAMR, SAMR_REMOVE_SID_FOREIGN_DOMAIN, &qbuf, &rbuf)) {
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_remove_sid_foreign_domain("", &r, &rbuf, 0)) {
+ goto done;
+ }
+
+ /* Return output parameters */
+
+ result = r.status;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
 /* Query user security object */
 NTSTATUS cli_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx,
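Review bot: The header comment `/* Remove foreign SID */` on cli_samr_remove_sid_foreign_domain does not say which kind of policy handle the call needs or what its return value means. The handle parameter is named `user_pol`; whether the server side of this operation expects a user handle or a domain handle is not visible here and should be confirmed and recorded in the comment. I would also document that NT_STATUS_UNSUCCESSFUL comes back when marshalling or the pipe request fails and `r.status` otherwise, because callers cannot otherwise tell a local failure from a server refusal. The two `prs_init` calls are made without looking at a result; if they can fail in this code base, that deserves a check or a comment.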
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index 597c950a24..3fca535ff0 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -192,6 +192,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 char **names;
 uint32 *types;
 int i;
+ int nsids = atoi(argv[2]);
 if (argc == 1) {
 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
@@ -207,22 +208,22 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Convert arguments to sids */
- sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
+ sids = TALLOC_ARRAY(mem_ctx, DOM_SID, nsids);
 if (!sids) {
 printf("could not allocate memory for %d sids\n", argc - 1);
 goto done;
 }
- for (i = 0; i < argc - 1; i++)
- if (!string_to_sid(&sids[i], argv[i + 1])) {
+ for (i = 0; i < nsids; i++)
+ if (!string_to_sid(&sids[i], argv[1])) {
 result = NT_STATUS_INVALID_SID;
 goto done;
 }
 /* Lookup the SIDs */
- result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
+ result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, nsids, sids,
 &domains, &names, &types);
 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
@@ -233,7 +234,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 /* Print results */
- for (i = 0; i < (argc - 1); i++) {
+ for (i = 0; i < nsids; i++) {
 fstring sid_str;
 sid_to_string(sid_str, &sids[i]);
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index acb65b7f7c..85d1d848bf 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -100,7 +100,7 @@ static char **completion_fn(const char *text, int start, int end)
 static char* next_command (char** cmdstr)
 {
- static pstring command;
+ static char command[10000];
 char *p;
 if (!cmdstr || !(*cmdstr))
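Review bot: `int nsids = atoi(argv[2]);` in the first cmd_lsarpc.c hunk sits among the declarations, ahead of the `argc == 1` usage check, so argv[2] is read even when fewer than three arguments were supplied and atoi may be handed a NULL or out-of-range pointer. atoi also reports no error, so a non-numeric, negative or very large value reaches `TALLOC_ARRAY(mem_ctx, DOM_SID, nsids)` and the loops in the @@ -207,22 and @@ -233,7 hunks unchecked. If a repeat count is really intended, parse it after the argument check with strtol and reject values outside a sane range; otherwise keep `argc - 1` as the count. The function starts and ends outside these hunks.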
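Review bot: The conversion loop in the @@ -207,22 hunk now calls `string_to_sid(&sids[i], argv[1])` for every i, so only the first argument is ever parsed and further SIDs on the command line are ignored, while the usage text still advertises `[sid1 [sid2 [...]]]`. The allocation-failure message in the same hunk still prints `argc - 1` although `nsids` elements were requested. This reads like test scaffolding rather than an intended interface change; if it is, `argv[i + 1]` and `argc - 1` should stay, and if it is not, the usage string and the message have to follow the new meaning.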
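Review bot: Replacing `static pstring command;` with `static char command[10000];` here, together with `strncpy(command, *cmdstr, sizeof(command));` in the following rpcclient.c hunk (@@ -109,7), leaves `command` without a terminating NUL whenever the input segment is 10000 bytes or longer, and whatever next_command hands back (presumably this buffer) would then be read past its end. I would bound the copy and terminate explicitly, `strncpy(command, *cmdstr, sizeof(command) - 1); command[sizeof(command) - 1] = '\0';`, or keep the bounded copy that `pstrcpy` provided. The literal 10000 deserves a named constant and a comment saying why the pstring size was not enough. The function continues outside both hunks.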
@@ -109,7 +109,7 @@ static char* next_command (char** cmdstr)
 p = strchr_m(*cmdstr, ';');
 if (p)
 *p = '\0';
- pstrcpy(command, *cmdstr);
+ strncpy(command, *cmdstr, sizeof(command));
 if (p)
 *cmdstr = p + 1;
 else
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 13624f7544..2a45c5f549 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -4452,6 +4452,112 @@ static int rpc_trustdom_add(int argc, const char **argv)
 }
 }
+/**
+ * Add interdomain trust account to the RPC server.
+ * All parameters (except for argc and argv) are passed by run_rpc_command
+ * function.
+ *
+ * @param domain_sid The domain sid acquired from the server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc Standard main() style argc
+ * @param argc Standard main() style argv. Initial components are already
+ * stripped
+ *
+ * @return normal NTSTATUS return code
+ */
+
+static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
+ const char *domain_name,
+ struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv) {
+
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ char *acct_name;
+ DOM_SID trust_acct_sid;
+ uint32 *user_rids, num_rids, *name_types;
+ uint32 flags = 0x000003e8; /* Unknown */
+
+ if (argc != 1) {
+ d_printf("Usage: net rpc trustdom del \n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /*
+ * Make valid trusting domain account (ie. uppercased and with '$' appended)
+ */
+
+ if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ strupper_m(acct_name);
+
+ /* Get samr policy handle */
+ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ /* Get domain policy handle */
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, &domain_pol);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol, flags, 1,
+ &acct_name, &num_rids, &user_rids,
+ &name_types);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rids[0], &user_pol);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ /* append the rid to the domain sid */
+ sid_copy(&trust_acct_sid, domain_sid);
+ if (!sid_append_rid(&trust_acct_sid, user_rids[0])) {
+ goto done;
+ }
+
+ /* remove the sid */
+
+ result = cli_samr_remove_sid_foreign_domain(cli, mem_ctx, &user_pol,
+ &trust_acct_sid);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ /* Delete user */
+
+ result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("Could not set trust account password: %s\n",
+ nt_errstr(result)));
+ goto done;
+ }
+
+ done:
+ SAFE_FREE(acct_name);
+ return result;
+}
 /**
 * Delete interdomain trust account for a remote domain.
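Review bot: When `sid_append_rid(&trust_acct_sid, user_rids[0])` fails, the code jumps to `done` with `result` still holding the success status from cli_samr_open_user, so the command reports success although nothing was removed; set `result = NT_STATUS_UNSUCCESSFUL;` before that `goto done`. `user_rids[0]` is also used without looking at `num_rids` or `name_types`, so whatever account matches `argv[0]` plus `$` is opened and deleted without confirming that the lookup returned exactly one entry or that the account is an interdomain trust account; a check before cli_samr_open_user would keep this destructive command from removing the wrong account. The final `if (!NT_STATUS_IS_OK(result))` block cannot be reached after the identical check above it, and its message speaks of setting a password. The doc comment still opens with "Add interdomain trust account", lists `@param argc` twice and omits `domain_name`. None of the three policy handles is released on any path in this hunk, which is worth confirming against how the sibling commands clean up.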
@@ -4461,15 +4567,18 @@ static int rpc_trustdom_add(int argc, const char **argv)
 *
 * @return Integer status (0 means success)
 **/
-
+
 static int rpc_trustdom_del(int argc, const char **argv)
 {
- d_printf("Sorry, not yet implemented.\n");
- d_printf("Use 'smbpasswd -x -i' instead.\n");
- return -1;
+ if (argc > 0) {
+ return run_rpc_command(NULL, PI_SAMR, 0, rpc_trustdom_del_internals,
+ argc, argv);
+ } else {
+ d_printf("Usage: net rpc trustdom del \n");
+ return -1;
+ }
 }
-
 /**
 * Establish trust relationship to a trusting domain.
 * Interdomain account must already be created on remote PDC.
--
2.34.1
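Review bot: The wrapper's `if (argc > 0)` disagrees with the `if (argc != 1)` test in rpc_trustdom_del_internals, so an invocation with extra arguments presumably goes through run_rpc_command and its server connection before being rejected with the usage text. Testing `argc == 1` here keeps the argument check in one place and avoids contacting the server for a malformed command line. The usage string is duplicated in both functions and could be shared so the two messages cannot drift apart.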