static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle dom_pol; struct policy_handle user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 access_desired = 0x000f000f; DOM_SID sid; struct lsa_PrivilegeSet *privs = NULL; int i; if (argc != 2 ) { printf("Usage: %s SID\n", argv[0]); return NT_STATUS_OK; } result = name_to_sid(cli, mem_ctx, &sid, argv[1]); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_OpenAccount(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx, &user_pol, &privs); if (!NT_STATUS_IS_OK(result)) goto done; /* Print results */ printf("found %d privileges for SID %s\n\n", privs->count, argv[1]); printf("high\tlow\tattribute\n"); for (i = 0; i < privs->count; i++) { printf("%u\t%u\t%u\n", privs->set[i].luid.high, privs->set[i].luid.low, privs->set[i].attribute); } rpccli_lsa_Close(cli, mem_ctx, &dom_pol); done: return result; }
static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol, trustdom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; union lsa_TrustedDomainInfo *info = NULL; DOM_SID dom_sid; enum lsa_TrustDomInfoEnum info_class = 1; uint8_t nt_hash[16]; if (argc > 3 || argc < 2) { printf("Usage: %s [sid] [info_class]\n", argv[0]); return NT_STATUS_OK; } if (!string_to_sid(&dom_sid, argv[1])) return NT_STATUS_NO_MEMORY; if (argc == 3) info_class = atoi(argv[2]); result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx, &pol, &dom_sid, access_mask, &trustdom_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx, &trustdom_pol, info_class, &info); if (!NT_STATUS_IS_OK(result)) goto done; if (!rpccli_get_pwd_hash(cli, nt_hash)) { d_fprintf(stderr, "Could not get pwd hash\n"); goto done; } display_trust_dom_info(mem_ctx, info, info_class, nt_hash); done: rpccli_lsa_Close(cli, mem_ctx, &pol); return result; }
static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle; struct lsa_String name; struct lsa_DATA_BUF *val; DATA_BLOB session_key; DATA_BLOB blob = data_blob_null; char *secret; if (argc < 2) { printf("Usage: %s name\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_String(&name, argv[1]); ZERO_STRUCT(val); status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx, &handle, &name, &val); if (!NT_STATUS_IS_OK(status)) { goto done; } status = cli_get_session_key(mem_ctx, cli, &session_key); if (!NT_STATUS_IS_OK(status)) { goto done; } if (val) { blob = data_blob_const(val->data, val->length); } secret = sess_decrypt_string(mem_ctx, &blob, &session_key); if (secret) { d_printf("secret: %s\n", secret); } done: if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }
static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; union lsa_PolicyInformation *info = NULL; uint32 info_class = 3; if (argc > 2) { printf("Usage: %s [info_class]\n", argv[0]); return NT_STATUS_OK; } if (argc == 2) info_class = atoi(argv[1]); switch (info_class) { case 12: result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx, &pol, info_class, &info); break; default: result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx, &pol, info_class, &info); } if (NT_STATUS_IS_OK(result)) { display_lsa_query_info(info, info_class); } rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle; struct lsa_String name; struct lsa_DATA_BUF val; DATA_BLOB session_key; DATA_BLOB enc_key; if (argc < 3) { printf("Usage: %s name secret\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_String(&name, argv[1]); ZERO_STRUCT(val); status = cli_get_session_key(mem_ctx, cli, &session_key); if (!NT_STATUS_IS_OK(status)) { goto done; } enc_key = sess_encrypt_string(argv[2], &session_key); val.length = enc_key.length; val.size = enc_key.length; val.data = enc_key.data; status = rpccli_lsa_StorePrivateData(cli, mem_ctx, &handle, &name, &val); if (!NT_STATUS_IS_OK(status)) { goto done; } done: if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }
static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *lsa_pipe, const char *name, struct dom_sid *sid) { NTSTATUS status, result; struct policy_handle lsa_handle; struct dcerpc_binding_handle *b = lsa_pipe->binding_handle; struct lsa_RefDomainList *domains = NULL; struct lsa_TransSidArray3 sids; uint32_t count = 0; struct lsa_String names; uint32_t num_names = 1; if (!sid || !name) { return NT_STATUS_INVALID_PARAMETER; } ZERO_STRUCT(sids); init_lsa_String(&names, name); status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx, false, SEC_STD_READ_CONTROL | LSA_POLICY_VIEW_LOCAL_INFORMATION | LSA_POLICY_LOOKUP_NAMES, &lsa_handle); NT_STATUS_NOT_OK_RETURN(status); status = dcerpc_lsa_LookupNames3(b, mem_ctx, &lsa_handle, num_names, &names, &domains, &sids, LSA_LOOKUP_NAMES_ALL, /* sure ? */ &count, 0, 0, &result); NT_STATUS_NOT_OK_RETURN(status); NT_STATUS_NOT_OK_RETURN(result); if (count != 1 || sids.count != 1) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } sid_copy(sid, sids.sids[0].sid); return NT_STATUS_OK; }
static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle dom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct lsa_RightSet rights; DOM_SID sid; int i; if (argc < 3 ) { printf("Usage: %s SID [rights...]\n", argv[0]); return NT_STATUS_OK; } result = name_to_sid(cli, mem_ctx, &sid, argv[1]); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) goto done; rights.count = argc-2; rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, rights.count); if (!rights.names) { return NT_STATUS_NO_MEMORY; } for (i=0; i<argc-2; i++) { init_lsa_StringLarge(&rights.names[i], argv[i+2]); } result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx, &dom_pol, &sid, false, &rights); if (!NT_STATUS_IS_OK(result)) goto done; rpccli_lsa_Close(cli, mem_ctx, &dom_pol); done: return result; }
static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle, sec_handle; struct lsa_String name; if (argc < 2) { printf("Usage: %s name\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_String(&name, argv[1]); status = rpccli_lsa_OpenSecret(cli, mem_ctx, &handle, name, SEC_FLAG_MAXIMUM_ALLOWED, &sec_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } status = rpccli_lsa_DeleteObject(cli, mem_ctx, &sec_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } done: if (is_valid_policy_hnd(&sec_handle)) { rpccli_lsa_Close(cli, mem_ctx, &sec_handle); } if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }
static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle, trustdom_handle; struct dom_sid sid; struct lsa_DomainInfo info; if (argc < 3) { printf("Usage: %s name sid\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_StringLarge(&info.name, argv[1]); info.sid = &sid; string_to_sid(&sid, argv[2]); status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx, &handle, &info, SEC_FLAG_MAXIMUM_ALLOWED, &trustdom_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } done: if (is_valid_policy_hnd(&trustdom_handle)) { rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); } if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }
static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle dom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID sid; struct lsa_RightSet rights; int i; if (argc != 2 ) { printf("Usage: %s SID\n", argv[0]); return NT_STATUS_OK; } result = name_to_sid(cli, mem_ctx, &sid, argv[1]); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_EnumAccountRights(cli, mem_ctx, &dom_pol, &sid, &rights); if (!NT_STATUS_IS_OK(result)) goto done; printf("found %d privileges for SID %s\n", rights.count, sid_string_tos(&sid)); for (i = 0; i < rights.count; i++) { printf("\t%s\n", rights.names[i].string); } rpccli_lsa_Close(cli, mem_ctx, &dom_pol); done: return result; }
static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle dom_pol; struct policy_handle user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 des_access = 0x000f000f; DOM_SID sid; if (argc != 2 ) { printf("Usage: %s SID\n", argv[0]); return NT_STATUS_OK; } result = name_to_sid(cli, mem_ctx, &sid, argv[1]); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_CreateAccount(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; printf("Account for SID %s successfully created\n\n", argv[1]); result = NT_STATUS_OK; rpccli_lsa_Close(cli, mem_ctx, &dom_pol); done: return result; }
static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; SEC_DESC_BUF *sdb; uint32 sec_info = DACL_SECURITY_INFORMATION; if (argc < 1 || argc > 2) { printf("Usage: %s [sec_info]\n", argv[0]); return NT_STATUS_OK; } result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (argc == 2) sscanf(argv[1], "%x", &sec_info); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_QuerySecurity(cli, mem_ctx, &pol, sec_info, &sdb); if (!NT_STATUS_IS_OK(result)) goto done; /* Print results */ display_sec_desc(sdb->sd); rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct lsa_LUID luid; struct lsa_String name; if (argc != 2 ) { printf("Usage: %s name\n", argv[0]); return NT_STATUS_OK; } result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; init_lsa_String(&name, argv[1]); result = rpccli_lsa_LookupPrivValue(cli, mem_ctx, &pol, &name, &luid); if (!NT_STATUS_IS_OK(result)) goto done; /* Print results */ printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low); rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
static NTSTATUS rpc_rights_revoke_internal(struct net_context *c, const struct dom_sid *domain_sid, const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, int argc, const char **argv ) { struct policy_handle dom_pol; NTSTATUS status, result; struct lsa_RightSet rights; struct dom_sid sid; int i; struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; if (argc < 2 ) { d_printf("%s\n%s", _("Usage:"), _(" net rpc rights revoke <name|SID> <rights...>\n")); return NT_STATUS_OK; } status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]); if (!NT_STATUS_IS_OK(status)) return status; status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(status)) return status; rights.count = argc-1; rights.names = talloc_array(mem_ctx, struct lsa_StringLarge, rights.count); if (!rights.names) { return NT_STATUS_NO_MEMORY; } for (i=0; i<argc-1; i++) { init_lsa_StringLarge(&rights.names[i], argv[i+1]); } status = dcerpc_lsa_RemoveAccountRights(b, mem_ctx, &dom_pol, &sid, false, &rights, &result); if (!NT_STATUS_IS_OK(status)) goto done; if (!NT_STATUS_IS_OK(result)) { status = result; goto done; } d_printf(_("Successfully revoked rights.\n")); done: if ( !NT_STATUS_IS_OK(status) ) { d_fprintf(stderr,_("Failed to revoke privileges for %s (%s)\n"), argv[0], nt_errstr(status)); } dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result); return status; }
static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle dom_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct lsa_PrivilegeSet privs; struct lsa_LUIDAttribute *set = NULL; DOM_SID sid; int i; ZERO_STRUCT(privs); if (argc < 3 ) { printf("Usage: %s SID [rights...]\n", argv[0]); return NT_STATUS_OK; } result = name_to_sid(cli, mem_ctx, &sid, argv[1]); if (!NT_STATUS_IS_OK(result)) { goto done; } result = rpccli_lsa_open_policy2(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } result = rpccli_lsa_OpenAccount(cli, mem_ctx, &dom_pol, &sid, SEC_FLAG_MAXIMUM_ALLOWED, &user_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } for (i=2; i<argc; i++) { struct lsa_String priv_name; struct lsa_LUID luid; init_lsa_String(&priv_name, argv[i]); result = rpccli_lsa_LookupPrivValue(cli, mem_ctx, &dom_pol, &priv_name, &luid); if (!NT_STATUS_IS_OK(result)) { continue; } privs.count++; set = TALLOC_REALLOC_ARRAY(mem_ctx, set, struct lsa_LUIDAttribute, privs.count); if (!set) { return NT_STATUS_NO_MEMORY; } set[privs.count-1].luid = luid; set[privs.count-1].attribute = 0; } privs.set = set; result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx, &user_pol, false, &privs); if (!NT_STATUS_IS_OK(result)) { goto done; } rpccli_lsa_Close(cli, mem_ctx, &user_pol); rpccli_lsa_Close(cli, mem_ctx, &dom_pol); done: return result; }
static NTSTATUS rpc_rights_revoke_internal(struct net_context *c, const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, int argc, const char **argv ) { struct policy_handle dom_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct lsa_RightSet rights; DOM_SID sid; int i; if (argc < 2 ) { d_printf(_("Usage: net rpc rights revoke <name|SID> " "<rights...>\n")); return NT_STATUS_OK; } result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]); if (!NT_STATUS_IS_OK(result)) return result; result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &dom_pol); if (!NT_STATUS_IS_OK(result)) return result; rights.count = argc-1; rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, rights.count); if (!rights.names) { return NT_STATUS_NO_MEMORY; } for (i=0; i<argc-1; i++) { init_lsa_StringLarge(&rights.names[i], argv[i+1]); } result = rpccli_lsa_RemoveAccountRights(pipe_hnd, mem_ctx, &dom_pol, &sid, false, &rights); if (!NT_STATUS_IS_OK(result)) goto done; d_printf(_("Successfully revoked rights.\n")); done: if ( !NT_STATUS_IS_OK(result) ) { d_fprintf(stderr,_("Failed to revoke privileges for %s (%s)\n"), argv[0], nt_errstr(result)); } rpccli_lsa_Close(pipe_hnd, mem_ctx, &dom_pol); return result; }
static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle, sec_handle; struct lsa_String name; struct lsa_DATA_BUF_PTR new_val; NTTIME new_mtime = 0; struct lsa_DATA_BUF_PTR old_val; NTTIME old_mtime = 0; DATA_BLOB session_key; DATA_BLOB new_blob = data_blob_null; DATA_BLOB old_blob = data_blob_null; char *new_secret, *old_secret; if (argc < 2) { printf("Usage: %s name\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_String(&name, argv[1]); status = rpccli_lsa_OpenSecret(cli, mem_ctx, &handle, name, SEC_FLAG_MAXIMUM_ALLOWED, &sec_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } ZERO_STRUCT(new_val); ZERO_STRUCT(old_val); status = rpccli_lsa_QuerySecret(cli, mem_ctx, &sec_handle, &new_val, &new_mtime, &old_val, &old_mtime); if (!NT_STATUS_IS_OK(status)) { goto done; } status = cli_get_session_key(mem_ctx, cli, &session_key); if (!NT_STATUS_IS_OK(status)) { goto done; } if (new_val.buf) { new_blob = data_blob_const(new_val.buf->data, new_val.buf->length); } if (old_val.buf) { old_blob = data_blob_const(old_val.buf->data, old_val.buf->length); } new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key); old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key); if (new_secret) { d_printf("new secret: %s\n", new_secret); } if (old_secret) { d_printf("old secret: %s\n", old_secret); } done: if (is_valid_policy_hnd(&sec_handle)) { rpccli_lsa_Close(cli, mem_ctx, &sec_handle); } if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }
static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS status; struct policy_handle handle, trustdom_handle; struct lsa_String name; struct dom_sid *sid = NULL; if (argc < 2) { printf("Usage: %s name\n", argv[0]); return NT_STATUS_OK; } status = rpccli_lsa_open_policy2(cli, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &handle); if (!NT_STATUS_IS_OK(status)) { return status; } init_lsa_String(&name, argv[1]); status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx, &handle, name, SEC_FLAG_MAXIMUM_ALLOWED, &trustdom_handle); if (NT_STATUS_IS_OK(status)) { goto delete_object; } { uint32_t resume_handle = 0; struct lsa_DomainList domains; int i; status = rpccli_lsa_EnumTrustDom(cli, mem_ctx, &handle, &resume_handle, &domains, 0xffff); if (!NT_STATUS_IS_OK(status)) { goto done; } for (i=0; i < domains.count; i++) { if (strequal(domains.domains[i].name.string, argv[1])) { sid = domains.domains[i].sid; break; } } if (!sid) { return NT_STATUS_INVALID_SID; } } status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx, &handle, sid, SEC_FLAG_MAXIMUM_ALLOWED, &trustdom_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } delete_object: status = rpccli_lsa_DeleteObject(cli, mem_ctx, &trustdom_handle); if (!NT_STATUS_IS_OK(status)) { goto done; } done: if (is_valid_policy_hnd(&trustdom_handle)) { rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); } if (is_valid_policy_hnd(&handle)) { rpccli_lsa_Close(cli, mem_ctx, &handle); } return status; }