From 33655d28b00d8d92a34b5f613ce814828c731599 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 30 Aug 2010 18:09:12 +0200 Subject: [PATCH] s3-lsa: Add and remove trusted domain account MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/rpc_server/lsa/srv_lsa_nt.c | 116 ++++++++++++++++++++++++++-- 1 file changed, 111 insertions(+), 5 deletions(-) diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index ed9ee8bb6f2..d215085ddf7 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -1598,6 +1598,78 @@ NTSTATUS _lsa_OpenTrustedDomainByName(struct pipes_struct *p, r->out.trustdom_handle); } +static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx, + const char *netbios_name, + struct trustDomainPasswords auth_struct) +{ + NTSTATUS status; + struct samu *sam_acct; + char *acct_name; + uint32_t rid; + struct dom_sid user_sid; + int i; + char *dummy; + size_t dummy_size; + + sam_acct = samu_new(mem_ctx); + if (sam_acct == NULL) { + return NT_STATUS_NO_MEMORY; + } + + acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name); + if (acct_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (!pdb_set_domain(sam_acct, get_global_sam_name(), PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (!pdb_new_rid(&rid)) { + return NT_STATUS_DS_NO_MORE_RIDS; + } + sid_compose(&user_sid, get_global_sam_sid(), rid); + if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + + for (i = 0; i < auth_struct.incoming.count; i++) { + switch (auth_struct.incoming.current.array[i].AuthType) { + case TRUST_AUTH_TYPE_CLEAR: + if (!convert_string_talloc(mem_ctx, + CH_UTF16LE, + CH_UNIX, + auth_struct.incoming.current.array[i].AuthInfo.clear.password, + auth_struct.incoming.current.array[i].AuthInfo.clear.size, + &dummy, + &dummy_size, + false)) { + return NT_STATUS_UNSUCCESSFUL; + } + if (!pdb_set_plaintext_passwd(sam_acct, dummy)) { + return NT_STATUS_UNSUCCESSFUL; + } + break; + default: + continue; + } + } + + status = pdb_add_sam_account(sam_acct); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return NT_STATUS_OK; +} + /*************************************************************************** _lsa_CreateTrustedDomainEx2 ***************************************************************************/ @@ -1711,6 +1783,15 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p, return status; } + if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) { + status = add_trusted_domain_user(p->mem_ctx, + r->in.info->netbios_name.string, + auth_struct); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + status = create_lsa_policy_handle(p->mem_ctx, p, LSA_HANDLE_TRUST_TYPE, acc_granted, @@ -1782,7 +1863,9 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p, { NTSTATUS status; struct lsa_info *handle; - struct trustdom_info *info; + struct pdb_trusted_domain *td; + struct samu *sam_acct; + char *acct_name; /* find the connection policy handle. */ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) { @@ -1797,14 +1880,37 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - status = lsa_lookup_trusted_domain_by_sid(p->mem_ctx, - r->in.dom_sid, - &info); + status = pdb_get_trusted_domain_by_sid(p->mem_ctx, r->in.dom_sid, &td); if (!NT_STATUS_IS_OK(status)) { return status; } - status = pdb_del_trusted_domain(info->name); + if (td->netbios_name == NULL || *td->netbios_name == '\0') { + DEBUG(10, ("Missing netbios name for for trusted domain %s.\n", + sid_string_tos(r->in.dom_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) { + sam_acct = samu_new(p->mem_ctx); + if (sam_acct == NULL) { + return NT_STATUS_NO_MEMORY; + } + + acct_name = talloc_asprintf(p->mem_ctx, "%s$", td->netbios_name); + if (acct_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + status = pdb_delete_sam_account(sam_acct); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + status = pdb_del_trusted_domain(td->netbios_name); if (!NT_STATUS_IS_OK(status)) { return status; } -- 2.34.1