static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle, trustdom_handle;
struct lsa_String name;
struct dom_sid *sid = NULL;
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx,
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
&trustdom_handle);
if (NT_STATUS_IS_OK(status)) {
goto delete_object;
}
{
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
int i;
status = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
&handle,
&resume_handle,
&domains,
0xffff);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
for (i=0; i < domains.count; i++) {
if (strequal(domains.domains[i].name.string, argv[1])) {
sid = domains.domains[i].sid;
break;
}
}
if (!sid) {
return NT_STATUS_INVALID_SID;
}
}
status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
&handle,
sid,
SEC_FLAG_MAXIMUM_ALLOWED,
&trustdom_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
delete_object:
status = rpccli_lsa_DeleteObject(cli, mem_ctx,
&trustdom_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
done:
if (is_valid_policy_hnd(&trustdom_handle)) {
rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
}
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct lsa_DomainList domain_list;
/* defaults, but may be changed using params */
uint32 enum_ctx = 0;
int i;
uint32_t max_size = (uint32_t)-1;
if (argc > 2) {
printf("Usage: %s [enum context (0)]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc == 2 && argv[1]) {
enum_ctx = atoi(argv[2]);
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
LSA_POLICY_VIEW_LOCAL_INFORMATION,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = STATUS_MORE_ENTRIES;
while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
/* Lookup list of trusted domains */
result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
&pol,
&enum_ctx,
&domain_list,
max_size);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
goto done;
/* Print results: list of names and sids returned in this
* response. */
for (i = 0; i < domain_list.count; i++) {
fstring sid_str;
sid_to_fstring(sid_str, domain_list.domains[i].sid);
printf("%s %s\n",
domain_list.domains[i].name.string ?
domain_list.domains[i].name.string : "*unknown*",
sid_str);
}
}
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
char ***domain_names, uint32 *num_domains,
DOM_SID **sids )
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring dc_name;
struct sockaddr_storage dc_ss;
uint32 enum_ctx = 0;
struct cli_state *cli = NULL;
struct rpc_pipe_client *lsa_pipe;
bool retry;
struct lsa_DomainList dom_list;
int i;
*domain_names = NULL;
*num_domains = 0;
*sids = NULL;
/* lookup a DC first */
if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) {
DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n",
domain));
return False;
}
/* setup the anonymous connection */
result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ss, 0, "IPC$", "IPC",
"", "", "", 0, Undefined, &retry);
if ( !NT_STATUS_IS_OK(result) )
goto done;
/* open the LSARPC_PIPE */
result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
&lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* get a handle */
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);
if ( !NT_STATUS_IS_OK(result) )
goto done;
/* Lookup list of trusted domains */
result = rpccli_lsa_EnumTrustDom(lsa_pipe, mem_ctx,
&pol,
&enum_ctx,
&dom_list,
(uint32_t)-1);
if ( !NT_STATUS_IS_OK(result) )
goto done;
*num_domains = dom_list.count;
*domain_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_domains);
if (!*domain_names) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
*sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, *num_domains);
if (!*sids) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i< *num_domains; i++) {
(*domain_names)[i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
(*sids)[i] = *dom_list.domains[i].sid;
}
done:
/* cleanup */
if (cli) {
DEBUG(10,("enumerate_domain_trusts: shutting down connection...\n"));
cli_shutdown( cli );
}
return NT_STATUS_IS_OK(result);
}
