2 Unix SMB/Netbios implementation.
5 Copyright (C) Tim Potter 2000-2001,
6 Copyright (C) Andrew Tridgell 1992-1997,2000,
7 Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
8 Copyright (C) Paul Ashton 1997,2000,
9 Copyright (C) Elrond 2000.
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 /** @defgroup lsa LSA rpc client routines
37 * RPC client routines for the LSA RPC pipe. LSA means "local
38 * security authority", which is half of a password database.
41 /** Opens a SMB connection and connects to the LSARPC pipe.
43 * @param cli Uninitialised client handle.
44 * @param system_name NETBIOS name of the machine to connect to.
45 * @param creds User credentials to connect as.
46 * @returns Initialised client handle.
48 struct cli_state
*cli_lsa_initialise(struct cli_state
*cli
, char *system_name
,
49 struct ntuser_creds
*creds
)
51 return cli_pipe_initialise(cli
, system_name
, PIPE_LSARPC
, creds
);
54 /** Open a LSA policy handle
56 * @param cli Handle on an initialised SMB connection */
58 NTSTATUS
cli_lsa_open_policy(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
59 BOOL sec_qos
, uint32 des_access
, POLICY_HND
*pol
)
61 prs_struct qbuf
, rbuf
;
70 /* Initialise parse structures */
72 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
73 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
75 /* Initialise input parameters */
78 init_lsa_sec_qos(&qos
, 2, 1, 0, des_access
);
79 init_q_open_pol(&q
, '\\', 0, des_access
, &qos
);
81 init_q_open_pol(&q
, '\\', 0, des_access
, NULL
);
84 /* Marshall data and send request */
86 if (!lsa_io_q_open_pol("", &q
, &qbuf
, 0) ||
87 !rpc_api_pipe_req(cli
, LSA_OPENPOLICY
, &qbuf
, &rbuf
)) {
88 result
= NT_STATUS_UNSUCCESSFUL
;
92 /* Unmarshall response */
94 if (!lsa_io_r_open_pol("", &r
, &rbuf
, 0)) {
95 result
= NT_STATUS_UNSUCCESSFUL
;
99 /* Return output parameters */
101 if (NT_STATUS_IS_OK(result
= r
.status
)) {
112 /** Open a LSA policy handle */
114 NTSTATUS
cli_lsa_open_policy2(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
115 BOOL sec_qos
, uint32 des_access
, POLICY_HND
*pol
)
117 prs_struct qbuf
, rbuf
;
126 /* Initialise parse structures */
128 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
129 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
131 /* Initialise input parameters */
134 init_lsa_sec_qos(&qos
, 2, 1, 0, des_access
);
135 init_q_open_pol2(&q
, cli
->clnt_name_slash
, 0, des_access
,
138 init_q_open_pol2(&q
, cli
->clnt_name_slash
, 0, des_access
,
142 /* Marshall data and send request */
144 if (!lsa_io_q_open_pol2("", &q
, &qbuf
, 0) ||
145 !rpc_api_pipe_req(cli
, LSA_OPENPOLICY2
, &qbuf
, &rbuf
)) {
146 result
= NT_STATUS_UNSUCCESSFUL
;
150 /* Unmarshall response */
152 if (!lsa_io_r_open_pol2("", &r
, &rbuf
, 0)) {
153 result
= NT_STATUS_UNSUCCESSFUL
;
157 /* Return output parameters */
159 if (NT_STATUS_IS_OK(result
= r
.status
)) {
170 /** Close a LSA policy handle */
172 NTSTATUS
cli_lsa_close(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
175 prs_struct qbuf
, rbuf
;
183 /* Initialise parse structures */
185 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
186 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
188 /* Marshall data and send request */
190 init_lsa_q_close(&q
, pol
);
192 if (!lsa_io_q_close("", &q
, &qbuf
, 0) ||
193 !rpc_api_pipe_req(cli
, LSA_CLOSE
, &qbuf
, &rbuf
)) {
194 result
= NT_STATUS_UNSUCCESSFUL
;
198 /* Unmarshall response */
200 if (!lsa_io_r_close("", &r
, &rbuf
, 0)) {
201 result
= NT_STATUS_UNSUCCESSFUL
;
205 /* Return output parameters */
207 if (NT_STATUS_IS_OK(result
= r
.status
)) {
218 /** Lookup a list of sids */
220 NTSTATUS
cli_lsa_lookup_sids(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
221 POLICY_HND
*pol
, int num_sids
, DOM_SID
*sids
,
222 char ***names
, uint32
**types
, int *num_names
)
224 prs_struct qbuf
, rbuf
;
228 LSA_TRANS_NAME_ENUM t_names
;
235 /* Initialise parse structures */
237 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
238 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
240 /* Marshall data and send request */
242 init_q_lookup_sids(mem_ctx
, &q
, pol
, num_sids
, sids
, 1);
244 if (!lsa_io_q_lookup_sids("", &q
, &qbuf
, 0) ||
245 !rpc_api_pipe_req(cli
, LSA_LOOKUPSIDS
, &qbuf
, &rbuf
)) {
246 result
= NT_STATUS_UNSUCCESSFUL
;
250 /* Unmarshall response */
253 ZERO_STRUCT(t_names
);
258 if (!lsa_io_r_lookup_sids("", &r
, &rbuf
, 0)) {
259 result
= NT_STATUS_UNSUCCESSFUL
;
265 if (!NT_STATUS_IS_OK(result
) &&
266 NT_STATUS_V(result
) != NT_STATUS_V(NT_STATUS_FILES_OPEN
)) {
267 /* An actual error occured */
273 /* Return output parameters */
275 if (r
.mapped_count
== 0) {
276 result
= NT_STATUS_NONE_MAPPED
;
280 (*num_names
) = r
.mapped_count
;
281 result
= NT_STATUS_OK
;
283 if (!((*names
) = (char **)talloc(mem_ctx
, sizeof(char *) * r
.mapped_count
))) {
284 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
285 result
= NT_STATUS_UNSUCCESSFUL
;
289 if (!((*types
) = (uint32
*)talloc(mem_ctx
, sizeof(uint32
) * r
.mapped_count
))) {
290 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
291 result
= NT_STATUS_UNSUCCESSFUL
;
295 for (i
= 0; i
< r
.mapped_count
; i
++) {
296 fstring name
, dom_name
, full_name
;
297 uint32 dom_idx
= t_names
.name
[i
].domain_idx
;
299 /* Translate optimised name through domain index array */
301 if (dom_idx
!= 0xffffffff) {
303 unistr2_to_ascii(dom_name
, &ref
.ref_dom
[dom_idx
].uni_dom_name
, sizeof(dom_name
)- 1);
304 unistr2_to_ascii(name
, &t_names
.uni_name
[i
], sizeof(name
) - 1);
306 slprintf(full_name
, sizeof(full_name
) - 1,
308 (dom_name
[0] && name
[0]) ?
309 lp_winbind_separator() : "", name
);
311 (*names
)[i
] = talloc_strdup(mem_ctx
, full_name
);
312 (*types
)[i
] = t_names
.name
[i
].sid_name_use
;
316 (*types
)[i
] = SID_NAME_UNKNOWN
;
327 /** Lookup a list of names */
329 NTSTATUS
cli_lsa_lookup_names(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
330 POLICY_HND
*pol
, int num_names
, char **names
,
331 DOM_SID
**sids
, uint32
**types
, int *num_sids
)
333 prs_struct qbuf
, rbuf
;
334 LSA_Q_LOOKUP_NAMES q
;
335 LSA_R_LOOKUP_NAMES r
;
343 /* Initialise parse structures */
345 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
346 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
348 /* Marshall data and send request */
350 init_q_lookup_names(mem_ctx
, &q
, pol
, num_names
, names
);
352 if (!lsa_io_q_lookup_names("", &q
, &qbuf
, 0) ||
353 !rpc_api_pipe_req(cli
, LSA_LOOKUPNAMES
, &qbuf
, &rbuf
)) {
354 result
= NT_STATUS_UNSUCCESSFUL
;
358 /* Unmarshall response */
363 if (!lsa_io_r_lookup_names("", &r
, &rbuf
, 0)) {
364 result
= NT_STATUS_UNSUCCESSFUL
;
370 if (!NT_STATUS_IS_OK(result
)) {
371 /* An actual error occured */
377 /* Return output parameters */
379 if (r
.mapped_count
== 0) {
380 result
= NT_STATUS_NONE_MAPPED
;
384 (*num_sids
) = r
.mapped_count
;
385 result
= NT_STATUS_OK
;
387 if (!((*sids
= (DOM_SID
*)talloc(mem_ctx
, sizeof(DOM_SID
) * r
.mapped_count
)))) {
388 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
389 result
= NT_STATUS_UNSUCCESSFUL
;
393 if (!((*types
= (uint32
*)talloc(mem_ctx
, sizeof(uint32
) * r
.mapped_count
)))) {
394 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
395 result
= NT_STATUS_UNSUCCESSFUL
;
399 for (i
= 0; i
< r
.mapped_count
; i
++) {
400 DOM_RID2
*t_rids
= r
.dom_rid
;
401 uint32 dom_idx
= t_rids
[i
].rid_idx
;
402 uint32 dom_rid
= t_rids
[i
].rid
;
403 DOM_SID
*sid
= &(*sids
)[i
];
405 /* Translate optimised sid through domain index array */
407 if (dom_idx
!= 0xffffffff) {
409 sid_copy(sid
, &ref
.ref_dom
[dom_idx
].ref_dom
.sid
);
411 if (dom_rid
!= 0xffffffff) {
412 sid_append_rid(sid
, dom_rid
);
415 (*types
)[i
] = t_rids
[i
].type
;
418 (*types
)[i
] = SID_NAME_UNKNOWN
;
429 /** Query info policy */
431 NTSTATUS
cli_lsa_query_info_policy(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
432 POLICY_HND
*pol
, uint16 info_class
,
433 fstring domain_name
, DOM_SID
*domain_sid
)
435 prs_struct qbuf
, rbuf
;
443 /* Initialise parse structures */
445 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
446 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
448 /* Marshall data and send request */
450 init_q_query(&q
, pol
, info_class
);
452 if (!lsa_io_q_query("", &q
, &qbuf
, 0) ||
453 !rpc_api_pipe_req(cli
, LSA_QUERYINFOPOLICY
, &qbuf
, &rbuf
)) {
454 result
= NT_STATUS_UNSUCCESSFUL
;
458 /* Unmarshall response */
460 if (!lsa_io_r_query("", &r
, &rbuf
, 0)) {
461 result
= NT_STATUS_UNSUCCESSFUL
;
465 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
469 /* Return output parameters */
471 ZERO_STRUCTP(domain_sid
);
472 domain_name
[0] = '\0';
474 switch (info_class
) {
477 if (r
.dom
.id3
.buffer_dom_name
!= 0) {
478 unistr2_to_ascii(domain_name
,
481 sizeof (fstring
) - 1);
484 if (r
.dom
.id3
.buffer_dom_sid
!= 0) {
485 *domain_sid
= r
.dom
.id3
.dom_sid
.sid
;
492 if (r
.dom
.id5
.buffer_dom_name
!= 0) {
493 unistr2_to_ascii(domain_name
, &r
.dom
.id5
.
495 sizeof (fstring
) - 1);
498 if (r
.dom
.id5
.buffer_dom_sid
!= 0) {
499 *domain_sid
= r
.dom
.id5
.dom_sid
.sid
;
505 DEBUG(3, ("unknown info class %d\n", info_class
));
516 /** Enumerate list of trusted domains */
518 NTSTATUS
cli_lsa_enum_trust_dom(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
519 POLICY_HND
*pol
, uint32
*enum_ctx
,
520 uint32
*num_domains
, char ***domain_names
,
521 DOM_SID
**domain_sids
)
523 prs_struct qbuf
, rbuf
;
524 LSA_Q_ENUM_TRUST_DOM q
;
525 LSA_R_ENUM_TRUST_DOM r
;
532 /* Initialise parse structures */
534 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
535 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
537 /* Marshall data and send request */
539 init_q_enum_trust_dom(&q
, pol
, *enum_ctx
, 0xffffffff);
541 if (!lsa_io_q_enum_trust_dom("", &q
, &qbuf
, 0) ||
542 !rpc_api_pipe_req(cli
, LSA_ENUMTRUSTDOM
, &qbuf
, &rbuf
)) {
543 result
= NT_STATUS_UNSUCCESSFUL
;
547 /* Unmarshall response */
549 if (!lsa_io_r_enum_trust_dom("", &r
, &rbuf
, 0)) {
550 result
= NT_STATUS_UNSUCCESSFUL
;
556 if (!NT_STATUS_IS_OK(result
) &&
557 NT_STATUS_V(result
) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES
)) {
559 /* An actual error ocured */
564 result
= NT_STATUS_OK
;
566 /* Return output parameters */
570 /* Allocate memory for trusted domain names and sids */
572 *domain_names
= (char **)talloc(mem_ctx
, sizeof(char *) *
575 if (!*domain_names
) {
576 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
577 result
= NT_STATUS_UNSUCCESSFUL
;
581 *domain_sids
= (DOM_SID
*)talloc(mem_ctx
, sizeof(DOM_SID
) *
584 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
585 result
= NT_STATUS_UNSUCCESSFUL
;
589 /* Copy across names and sids */
591 for (i
= 0; i
< r
.num_domains
; i
++) {
594 unistr2_to_ascii(tmp
, &r
.uni_domain_name
[i
],
596 (*domain_names
)[i
] = strdup(tmp
);
597 sid_copy(&(*domain_sids
)[i
], &r
.domain_sid
[i
].sid
);
601 *num_domains
= r
.num_domains
;
602 *enum_ctx
= r
.enum_context
;
611 /** Enumerate privileges*/
613 NTSTATUS
cli_lsa_enum_privilege(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
614 POLICY_HND
*pol
, uint32
*enum_context
, uint32 pref_max_length
,
615 uint32
*count
, char ***privs_name
, uint32
**privs_high
, uint32
**privs_low
)
617 prs_struct qbuf
, rbuf
;
626 /* Initialise parse structures */
628 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
629 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
631 /* Marshall data and send request */
633 init_q_enum_privs(&q
, pol
, *enum_context
, pref_max_length
);
635 if (!lsa_io_q_enum_privs("", &q
, &qbuf
, 0) ||
636 !rpc_api_pipe_req(cli
, LSA_ENUM_PRIVS
, &qbuf
, &rbuf
)) {
637 result
= NT_STATUS_UNSUCCESSFUL
;
641 /* Unmarshall response */
643 if (!lsa_io_r_enum_privs("", &r
, &rbuf
, 0)) {
644 result
= NT_STATUS_UNSUCCESSFUL
;
648 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
652 /* Return output parameters */
654 *enum_context
= r
.enum_context
;
657 if (!((*privs_name
= (char **)talloc(mem_ctx
, sizeof(char *) * r
.count
)))) {
658 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
659 result
= NT_STATUS_UNSUCCESSFUL
;
663 if (!((*privs_high
= (uint32
*)talloc(mem_ctx
, sizeof(uint32
) * r
.count
)))) {
664 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
665 result
= NT_STATUS_UNSUCCESSFUL
;
669 if (!((*privs_low
= (uint32
*)talloc(mem_ctx
, sizeof(uint32
) * r
.count
)))) {
670 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
671 result
= NT_STATUS_UNSUCCESSFUL
;
675 for (i
= 0; i
< r
.count
; i
++) {
678 unistr2_to_ascii( name
, &r
.privs
[i
].name
, sizeof(name
)-1);
680 (*privs_name
)[i
] = talloc_strdup(mem_ctx
, name
);
682 (*privs_high
)[i
] = r
.privs
[i
].luid_high
;
683 (*privs_low
)[i
] = r
.privs
[i
].luid_low
;
693 /** Get privilege name */
695 NTSTATUS
cli_lsa_get_dispname(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
696 POLICY_HND
*pol
, char *name
, uint16 lang_id
, uint16 lang_id_sys
,
697 fstring description
, uint16
*lang_id_desc
)
699 prs_struct qbuf
, rbuf
;
700 LSA_Q_PRIV_GET_DISPNAME q
;
701 LSA_R_PRIV_GET_DISPNAME r
;
707 /* Initialise parse structures */
709 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
710 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
712 /* Marshall data and send request */
714 init_lsa_priv_get_dispname(&q
, pol
, name
, lang_id
, lang_id_sys
);
716 if (!lsa_io_q_priv_get_dispname("", &q
, &qbuf
, 0) ||
717 !rpc_api_pipe_req(cli
, LSA_PRIV_GET_DISPNAME
, &qbuf
, &rbuf
)) {
718 result
= NT_STATUS_UNSUCCESSFUL
;
722 /* Unmarshall response */
724 if (!lsa_io_r_priv_get_dispname("", &r
, &rbuf
, 0)) {
725 result
= NT_STATUS_UNSUCCESSFUL
;
729 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
733 /* Return output parameters */
735 unistr2_to_ascii(description
,&r
.desc
, sizeof(description
)-1);
736 *lang_id_desc
= r
.lang_id
;
745 /** Enumerate list of SIDs */
747 NTSTATUS
cli_lsa_enum_sids(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
748 POLICY_HND
*pol
, uint32
*enum_ctx
, uint32 pref_max_length
,
749 uint32
*num_sids
, DOM_SID
**sids
)
751 prs_struct qbuf
, rbuf
;
752 LSA_Q_ENUM_ACCOUNTS q
;
753 LSA_R_ENUM_ACCOUNTS r
;
760 /* Initialise parse structures */
762 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
763 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
765 /* Marshall data and send request */
767 init_lsa_q_enum_accounts(&q
, pol
, *enum_ctx
, pref_max_length
);
769 if (!lsa_io_q_enum_accounts("", &q
, &qbuf
, 0) ||
770 !rpc_api_pipe_req(cli
, LSA_ENUM_ACCOUNTS
, &qbuf
, &rbuf
)) {
771 result
= NT_STATUS_UNSUCCESSFUL
;
775 /* Unmarshall response */
777 if (!lsa_io_r_enum_accounts("", &r
, &rbuf
, 0)) {
778 result
= NT_STATUS_UNSUCCESSFUL
;
784 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
789 /* Return output parameters */
791 *sids
= (DOM_SID
*)talloc(mem_ctx
, sizeof(DOM_SID
) * r
.sids
.num_entries
);
793 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
794 result
= NT_STATUS_UNSUCCESSFUL
;
798 /* Copy across names and sids */
800 for (i
= 0; i
< r
.sids
.num_entries
; i
++) {
801 sid_copy(&(*sids
)[i
], &r
.sids
.sid
[i
].sid
);
804 *num_sids
= r
.sids
.num_entries
;
805 *enum_ctx
= r
.enum_context
;
814 /** Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */
816 BOOL
fetch_domain_sid( char *domain
, char *remote_machine
, DOM_SID
*psid
)
818 extern pstring global_myname
;
819 struct cli_state cli
;
825 if(cli_initialise(&cli
) == False
) {
826 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
830 if(!resolve_name( remote_machine
, &cli
.dest_ip
, 0x20)) {
831 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine
));
835 if (!cli_connect(&cli
, remote_machine
, &cli
.dest_ip
)) {
836 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
837 machine %s. Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
841 if (!attempt_netbios_session_request(&cli
, global_myname
, remote_machine
, &cli
.dest_ip
)) {
842 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS \
843 session request. Error was %s\n", remote_machine
, cli_errstr(&cli
) ));
847 cli
.protocol
= PROTOCOL_NT1
;
849 if (!cli_negprot(&cli
)) {
850 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
851 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
855 if (cli
.protocol
!= PROTOCOL_NT1
) {
856 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
862 * Do an anonymous session setup.
865 if (!cli_session_setup(&cli
, "", "", 0, "", 0, "")) {
866 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
867 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
871 if (!(cli
.sec_mode
& 1)) {
872 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
877 if (!cli_send_tconX(&cli
, "IPC$", "IPC", "", 1)) {
878 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
879 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
883 /* Fetch domain sid */
885 if (!cli_nt_session_open(&cli
, PIPE_LSARPC
)) {
886 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
890 result
= cli_lsa_open_policy(&cli
, cli
.mem_ctx
, True
, SEC_RIGHTS_QUERY_VALUE
, &lsa_pol
);
891 if (!NT_STATUS_IS_OK(result
)) {
892 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
893 get_nt_error_msg(result
) ));
897 result
= cli_lsa_query_info_policy(&cli
, cli
.mem_ctx
, &lsa_pol
, 5, domain
, psid
);
898 if (!NT_STATUS_IS_OK(result
)) {
899 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
900 get_nt_error_msg(result
) ));