From: Volker Lendecke <vl@samba.org>
Date: Sat, 28 Sep 2019 02:20:17 +0000 (-0700)
Subject: rpcclient: Make cmd_samr.c independent of global domain_sid
X-Git-Tag: talloc-2.3.1~504
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cb0b54d9acb4a0021a09f90299fec1bad3b63107;p=thirdparty%2Fsamba.git

rpcclient: Make cmd_samr.c independent of global domain_sid

Pure SAMR allows us to figure out the domain sid, we don't need LSA
for this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index cbcffa2532c..932688d7113 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -32,7 +32,7 @@
 #include "rpc_client/init_lsa.h"
 #include "../libcli/security/security.h"
 
-extern struct dom_sid domain_sid;
+static struct dom_sid domain_sid;
 
 /****************************************************************************
  display samr_user_info_7 structure
@@ -276,20 +276,87 @@ static NTSTATUS rpccli_try_samr_connects(
 	uint32_t access_mask,
 	struct policy_handle *connect_pol)
 {
+	struct dcerpc_binding_handle *b = cli->binding_handle;
 	NTSTATUS status;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32_t start_idx = 0;
+	uint32_t i, num_entries;
+	struct samr_SamArray *sam = NULL;
+	struct dom_sid *domsid = NULL;
 
-	status = dcerpc_try_samr_connects(cli->binding_handle,
-					  mem_ctx,
-					  cli->srv_name_slash,
-					  access_mask,
-					  connect_pol,
-					  &result);
+	status = dcerpc_try_samr_connects(
+		b,
+		mem_ctx,
+		cli->srv_name_slash,
+		access_mask,
+		connect_pol,
+		&result);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
+	}
 
-	return result;
+	if (!is_null_sid(&domain_sid)) {
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Look up the servers domain SID. Just pick the first
+	 * non-builtin domain from samr_EnumDomains.
+	 */
+
+	status = dcerpc_samr_EnumDomains(
+		b,
+		mem_ctx,
+		connect_pol,
+		&start_idx,
+		&sam,
+		0xffff,
+		&num_entries,
+		&result);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	if (!NT_STATUS_IS_OK(result)) {
+		status = result;
+		goto fail;
+	}
+
+	for (i=0; i<num_entries; i++) {
+		if (!strequal(sam->entries[i].name.string, "builtin")) {
+			break;
+		}
+	}
+	if (i == num_entries) {
+		status = NT_STATUS_NOT_FOUND;
+		goto fail;
+	}
+
+	status = dcerpc_samr_LookupDomain(
+		b,
+		mem_ctx,
+		connect_pol,
+		&sam->entries[i].name,
+		&domsid,
+		&result);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+	if (!NT_STATUS_IS_OK(result)) {
+		status = result;
+		goto fail;
+	}
+
+	sid_copy(&domain_sid, domsid);
+	TALLOC_FREE(domsid);
+
+	return NT_STATUS_OK;
+
+fail:
+	dcerpc_samr_Close(b, mem_ctx, connect_pol, &result);
+	return status;
 }
 
 /****************************************************************************