search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ldb: Release ldb 1.6.3
[Samba.git] / source3 / utils / net_rpc_trust.c
blobefeb7a609ec9e9ae8b20b41a73c264816041a19f
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2011 Sumit Bose (sbose@redhat.com)
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19
20 #include "includes.h"
21 #include "utils/net.h"
22 #include "rpc_client/cli_pipe.h"
23 #include "rpc_client/cli_lsarpc.h"
24 #include "librpc/gen_ndr/ndr_drsblobs.h"
25 #include "../librpc/gen_ndr/ndr_lsa_c.h"
26 #include "../lib/crypto/crypto.h"
27 #include "../libcli/security/dom_sid.h"
28 #include "libsmb/libsmb.h"
29
30
31 #define ARG_OTHERSERVER "otherserver="
32 #define ARG_OTHERUSER "otheruser="
33 #define ARG_OTHERDOMAINSID "otherdomainsid="
34 #define ARG_OTHERDOMAIN "otherdomain="
35 #define ARG_OTHERNETBIOSDOMAIN "other_netbios_domain="
36 #define ARG_TRUSTPW "trustpw="
37
38 enum trust_op {
39 TRUST_CREATE,
40 TRUST_DELETE
41 };
42
43 struct other_dom_data {
44 char *host;
45 char *user_name;
46 char *domain_sid_str;
47 char *dns_domain_name;
48 char *domain_name;
49 };
50
51 struct dom_data {
52 struct dom_sid *domsid;
53 char *dns_domain_name;
54 char *domain_name;
55 };
56
57 static NTSTATUS close_handle(TALLOC_CTX *mem_ctx,
58 struct dcerpc_binding_handle *bind_hnd,
59 struct policy_handle *pol_hnd)
60 {
61 NTSTATUS status;
62 NTSTATUS result;
63
64 status = dcerpc_lsa_Close(bind_hnd, mem_ctx, pol_hnd, &result);
65 if (!NT_STATUS_IS_OK(status)) {
66 DEBUG(0, ("dcerpc_lsa_Close failed with error [%s].\n",
67 nt_errstr(status)));
68 return status;
69 }
70 if (!NT_STATUS_IS_OK(result)) {
71 DEBUG(0, ("lsa close failed with error [%s].\n",
72 nt_errstr(result)));
73 return result;
74 }
75
76 return NT_STATUS_OK;
77 }
78
79 static NTSTATUS delete_trust(TALLOC_CTX *mem_ctx,
80 struct dcerpc_binding_handle *bind_hnd,
81 struct policy_handle *pol_hnd,
82 struct dom_sid *domsid)
83 {
84 NTSTATUS status;
85 struct lsa_DeleteTrustedDomain dr;
86
87 dr.in.handle = pol_hnd;
88 dr.in.dom_sid = domsid;
89
90 status = dcerpc_lsa_DeleteTrustedDomain_r(bind_hnd, mem_ctx, &dr);
91 if (!NT_STATUS_IS_OK(status)) {
92 DEBUG(0, ("dcerpc_lsa_DeleteTrustedDomain_r failed with [%s]\n",
93 nt_errstr(status)));
94 return status;
95 }
96 if (!NT_STATUS_IS_OK(dr.out.result)) {
97 DEBUG(0, ("DeleteTrustedDomain returned [%s]\n",
98 nt_errstr(dr.out.result)));
99 return dr.out.result;
100 }
101
102 return NT_STATUS_OK;
103 }
104
105 static NTSTATUS create_trust(TALLOC_CTX *mem_ctx,
106 struct dcerpc_binding_handle *bind_hnd,
107 struct policy_handle *pol_hnd,
108 const char *trust_name,
109 const char *trust_name_dns,
110 struct dom_sid *domsid,
111 struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
112 {
113 NTSTATUS status;
114 struct lsa_CreateTrustedDomainEx2 r;
115 struct lsa_TrustDomainInfoInfoEx trustinfo;
116 struct policy_handle trustdom_handle;
117
118 trustinfo.sid = domsid;
119 trustinfo.netbios_name.string = trust_name;
120 trustinfo.domain_name.string = trust_name_dns;
121
122 trustinfo.trust_direction = LSA_TRUST_DIRECTION_INBOUND |
123 LSA_TRUST_DIRECTION_OUTBOUND;
124
125 trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL;
126
127 trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
128
129 r.in.policy_handle = pol_hnd;
130 r.in.info = &trustinfo;
131 r.in.auth_info_internal = authinfo;
132 r.in.access_mask = LSA_TRUSTED_SET_POSIX | LSA_TRUSTED_SET_AUTH |
133 LSA_TRUSTED_QUERY_DOMAIN_NAME;
134 r.out.trustdom_handle = &trustdom_handle;
135
136 status = dcerpc_lsa_CreateTrustedDomainEx2_r(bind_hnd, mem_ctx, &r);
137 if (!NT_STATUS_IS_OK(status)) {
138 DEBUG(0, ("dcerpc_lsa_CreateTrustedDomainEx2_r failed "
139 "with error [%s].\n", nt_errstr(status)));
140 return status;
141 }
142 if (!NT_STATUS_IS_OK(r.out.result)) {
143 DEBUG(0, ("CreateTrustedDomainEx2_r returned [%s].\n",
144 nt_errstr(r.out.result)));
145 return r.out.result;
146 }
147
148 return NT_STATUS_OK;
149 }
150
151 static NTSTATUS get_domain_info(TALLOC_CTX *mem_ctx,
152 struct dcerpc_binding_handle *bind_hdn,
153 struct policy_handle *pol_hnd,
154 struct dom_data *dom_data)
155 {
156 NTSTATUS status;
157 struct lsa_QueryInfoPolicy2 qr;
158 struct dom_sid_buf buf;
159
160 qr.in.handle = pol_hnd;
161 qr.in.level = LSA_POLICY_INFO_DNS;
162
163 status = dcerpc_lsa_QueryInfoPolicy2_r(bind_hdn, mem_ctx, &qr);
164 if (!NT_STATUS_IS_OK(status)) {
165 DEBUG(0, ("dcerpc_lsa_QueryInfoPolicy2_r failed "
166 "with error [%s].\n", nt_errstr(status)));
167 return status;
168 }
169
170 if (!NT_STATUS_IS_OK(qr.out.result)) {
171 DEBUG(0, ("QueryInfoPolicy2 returned [%s].\n",
172 nt_errstr(qr.out.result)));
173 return qr.out.result;
174 }
175
176 dom_data->domain_name = talloc_strdup(mem_ctx,
177 (*qr.out.info)->dns.name.string);
178 dom_data->dns_domain_name = talloc_strdup(mem_ctx,
179 (*qr.out.info)->dns.dns_domain.string);
180 dom_data->domsid = dom_sid_dup(mem_ctx, (*qr.out.info)->dns.sid);
181 if (dom_data->domain_name == NULL ||
182 dom_data->dns_domain_name == NULL ||
183 dom_data->domsid == NULL) {
184 DEBUG(0, ("Copying domain data failed.\n"));
185 return NT_STATUS_NO_MEMORY;
186 }
187
188 DEBUG(0, ("Got the following domain info [%s][%s][%s].\n",
189 dom_data->domain_name, dom_data->dns_domain_name,
190 dom_sid_str_buf(dom_data->domsid, &buf)));
191
192 return NT_STATUS_OK;
193 }
194
195 static NTSTATUS connect_and_get_info(TALLOC_CTX *mem_ctx,
196 struct net_context *net_ctx,
197 struct cli_state **cli,
198 struct rpc_pipe_client **pipe_hnd,
199 struct policy_handle *pol_hnd,
200 struct dom_data *dom_data,
201 DATA_BLOB *session_key)
202 {
203 NTSTATUS status;
204 NTSTATUS result;
205
206 status = net_make_ipc_connection_ex(net_ctx, NULL, NULL, NULL,
207 NET_FLAGS_PDC, cli);
208 if (!NT_STATUS_IS_OK(status)) {
209 DEBUG(0, ("Failed to connect to [%s] with error [%s]\n",
210 net_ctx->opt_host, nt_errstr(status)));
211 return status;
212 }
213
214 status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, pipe_hnd);
215 if (!NT_STATUS_IS_OK(status)) {
216 DEBUG(0, ("Failed to initialise lsa pipe with error [%s]\n",
217 nt_errstr(status)));
218 return status;
219 }
220
221 status = dcerpc_lsa_open_policy2((*pipe_hnd)->binding_handle,
222 mem_ctx,
223 (*pipe_hnd)->srv_name_slash,
224 false,
225 (LSA_POLICY_VIEW_LOCAL_INFORMATION |
226 LSA_POLICY_TRUST_ADMIN |
227 LSA_POLICY_CREATE_SECRET),
228 pol_hnd,
229 &result);
230 if (!NT_STATUS_IS_OK(status)) {
231 DEBUG(0, ("Failed to open policy handle with error [%s]\n",
232 nt_errstr(status)));
233 return status;
234 }
235 if (!NT_STATUS_IS_OK(result)) {
236 DEBUG(0, ("lsa_open_policy2 with error [%s]\n",
237 nt_errstr(result)));
238 return result;
239 }
240
241 status = get_domain_info(mem_ctx, (*pipe_hnd)->binding_handle,
242 pol_hnd, dom_data);
243 if (!NT_STATUS_IS_OK(status)) {
244 DEBUG(0, ("get_domain_info failed with error [%s].\n",
245 nt_errstr(status)));
246 return status;
247 }
248
249 status = cli_get_session_key(mem_ctx, *pipe_hnd, session_key);
250 if (!NT_STATUS_IS_OK(status)) {
251 DEBUG(0,("Error getting session_key of LSA pipe. Error was %s\n",
252 nt_errstr(status)));
253 return status;
254 }
255
256 return NT_STATUS_OK;
257 }
258
259 static bool get_trust_domain_passwords_auth_blob(TALLOC_CTX *mem_ctx,
260 const char *password,
261 DATA_BLOB *auth_blob)
262 {
263 struct trustDomainPasswords auth_struct;
264 struct AuthenticationInformation *auth_info_array;
265 enum ndr_err_code ndr_err;
266 size_t converted_size;
267
268 generate_random_buffer(auth_struct.confounder,
269 sizeof(auth_struct.confounder));
270
271 auth_info_array = talloc_array(mem_ctx,
272 struct AuthenticationInformation, 1);
273 if (auth_info_array == NULL) {
274 return false;
275 }
276
277 auth_info_array[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
278 if (!convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16, password,
279 strlen(password),
280 &auth_info_array[0].AuthInfo.clear.password,
281 &converted_size)) {
282 return false;
283 }
284
285 auth_info_array[0].AuthInfo.clear.size = converted_size;
286
287 auth_struct.outgoing.count = 1;
288 auth_struct.outgoing.current.count = 1;
289 auth_struct.outgoing.current.array = auth_info_array;
290 auth_struct.outgoing.previous.count = 0;
291 auth_struct.outgoing.previous.array = NULL;
292
293 auth_struct.incoming.count = 1;
294 auth_struct.incoming.current.count = 1;
295 auth_struct.incoming.current.array = auth_info_array;
296 auth_struct.incoming.previous.count = 0;
297 auth_struct.incoming.previous.array = NULL;
298
299 ndr_err = ndr_push_struct_blob(auth_blob, mem_ctx, &auth_struct,
300 (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
301 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
302 return false;
303 }
304
305 return true;
306 }
307
308 static int parse_trust_args(TALLOC_CTX *mem_ctx, int argc, const char **argv, struct other_dom_data **_o, char **_trustpw)
309 {
310 size_t c;
311 struct other_dom_data *o = NULL;
312 char *trustpw = NULL;
313 int ret = EFAULT;
314
315 if (argc == 0) {
316 return EINVAL;
317 }
318
319 o = talloc_zero(mem_ctx, struct other_dom_data);
320 if (o == NULL) {
321 DEBUG(0, ("talloc_zero failed.\n"));
322 return ENOMEM;
323 }
324
325 for (c = 0; c < argc; c++) {
326 if (strnequal(argv[c], ARG_OTHERSERVER, sizeof(ARG_OTHERSERVER)-1)) {
327 o->host = talloc_strdup(o, argv[c] + sizeof(ARG_OTHERSERVER)-1);
328 if (o->host == NULL) {
329 ret = ENOMEM;
330 goto failed;
331 }
332 } else if (strnequal(argv[c], ARG_OTHERUSER, sizeof(ARG_OTHERUSER)-1)) {
333 o->user_name = talloc_strdup(o, argv[c] + sizeof(ARG_OTHERUSER)-1);
334 if (o->user_name == NULL) {
335 ret = ENOMEM;
336 goto failed;
337 }
338 } else if (strnequal(argv[c], ARG_OTHERDOMAINSID, sizeof(ARG_OTHERDOMAINSID)-1)) {
339 o->domain_sid_str = talloc_strdup(o, argv[c] + sizeof(ARG_OTHERDOMAINSID)-1);
340 if (o->domain_sid_str == NULL) {
341 ret = ENOMEM;
342 goto failed;
343 }
344 } else if (strnequal(argv[c], ARG_OTHERDOMAIN, sizeof(ARG_OTHERDOMAIN)-1)) {
345 o->dns_domain_name = talloc_strdup(o, argv[c] + sizeof(ARG_OTHERDOMAIN)-1);
346 if (o->dns_domain_name == NULL) {
347 ret = ENOMEM;
348 goto failed;
349 }
350 } else if (strnequal(argv[c], ARG_OTHERNETBIOSDOMAIN, sizeof(ARG_OTHERNETBIOSDOMAIN)-1)) {
351 o->domain_name = talloc_strdup(o, argv[c] + sizeof(ARG_OTHERNETBIOSDOMAIN)-1);
352 if (o->domain_name == NULL) {
353 ret = ENOMEM;
354 goto failed;
355 }
356 } else if (strnequal(argv[c], ARG_TRUSTPW, sizeof(ARG_TRUSTPW)-1)) {
357 trustpw = talloc_strdup(mem_ctx, argv[c] + sizeof(ARG_TRUSTPW)-1);
358 if (trustpw == NULL) {
359 ret = ENOMEM;
360 goto failed;
361 }
362 } else {
363 DEBUG(0, ("Unsupported option [%s].\n", argv[c]));
364 ret = EINVAL;
365 goto failed;
366 }
367 }
368
369 *_o = o;
370 *_trustpw = trustpw;
371
372 return 0;
373
374 failed:
375 talloc_free(o);
376 talloc_free(trustpw);
377 return ret;
378 }
379
380 static void print_trust_delete_usage(void)
381 {
382 d_printf( "%s\n"
383 "net rpc trust delete [options]\n"
384 "\nOptions:\n"
385 "\totherserver=DC in other domain\n"
386 "\totheruser=Admin user in other domain\n"
387 "\totherdomainsid=SID of other domain\n"
388 "\nExamples:\n"
389 "\tnet rpc trust delete otherserver=oname otheruser=ouser -S lname -U luser\n"
390 "\tnet rpc trust delete otherdomainsid=S-... -S lname -U luser\n"
391 " %s\n",
392 _("Usage:"),
393 _("Remove trust between two domains"));
394 }
395
396 static void print_trust_usage(void)
397 {
398 d_printf( "%s\n"
399 "net rpc trust create [options]\n"
400 "\nOptions:\n"
401 "\totherserver=DC in other domain\n"
402 "\totheruser=Admin user in other domain\n"
403 "\totherdomainsid=SID of other domain\n"
404 "\tother_netbios_domain=NetBIOS/short name of other domain\n"
405 "\totherdomain=Full/DNS name of other domain\n"
406 "\ttrustpw=Trust password\n"
407 "\nExamples:\n"
408 "\tnet rpc trust create otherserver=oname otheruser=ouser -S lname -U luser\n"
409 "\tnet rpc trust create otherdomainsid=S-... other_netbios_domain=odom otherdomain=odom.org trustpw=secret -S lname -U luser\n"
410 " %s\n",
411 _("Usage:"),
412 _("Create trust between two domains"));
413 }
414
415 static int rpc_trust_common(struct net_context *net_ctx, int argc,
416 const char **argv, enum trust_op op)
417 {
418 TALLOC_CTX *mem_ctx;
419 NTSTATUS status;
420 int ret;
421 int success = -1;
422 struct cli_state *cli[2] = {NULL, NULL};
423 struct rpc_pipe_client *pipe_hnd[2] = {NULL, NULL};
424 DATA_BLOB session_key[2];
425 struct policy_handle pol_hnd[2];
426 struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
427 DATA_BLOB auth_blob;
428 char *trust_pw = NULL;
429 struct other_dom_data *other_dom_data;
430 struct net_context *other_net_ctx = NULL;
431 struct dom_data dom_data[2];
432 void (*usage)(void);
433
434 ZERO_STRUCT(session_key);
435
436 switch (op) {
437 case TRUST_CREATE:
438 usage = print_trust_usage;
439 break;
440 case TRUST_DELETE:
441 usage = print_trust_delete_usage;
442 break;
443 default:
444 DEBUG(0, ("Unsupported trust operation.\n"));
445 return -1;
446 }
447
448 if (net_ctx->display_usage) {
449 usage();
450 return 0;
451 }
452
453 mem_ctx = talloc_init("trust op");
454 if (mem_ctx == NULL) {
455 DEBUG(0, ("talloc_init failed.\n"));
456 return -1;
457 }
458
459 ret = parse_trust_args(mem_ctx, argc, argv, &other_dom_data, &trust_pw);
460 if (ret != 0) {
461 if (ret == EINVAL) {
462 usage();
463 } else {
464 DEBUG(0, ("Failed to parse arguments.\n"));
465 }
466 goto done;
467 }
468
469 if (other_dom_data->host != 0) {
470 other_net_ctx = talloc_zero(other_dom_data, struct net_context);
471 if (other_net_ctx == NULL) {
472 DEBUG(0, ("talloc_zero failed.\n"));
473 goto done;
474 }
475
476 other_net_ctx->opt_host = other_dom_data->host;
477 other_net_ctx->opt_user_name = other_dom_data->user_name;
478 } else {
479 dom_data[1].domsid = dom_sid_parse_talloc(mem_ctx,
480 other_dom_data->domain_sid_str);
481 dom_data[1].domain_name = other_dom_data->domain_name;
482 dom_data[1].dns_domain_name = other_dom_data->dns_domain_name;
483
484 if (dom_data[1].domsid == NULL ||
485 (op == TRUST_CREATE &&
486 (dom_data[1].domain_name == NULL ||
487 dom_data[1].dns_domain_name == NULL))) {
488 DEBUG(0, ("Missing required argument.\n"));
489 usage();
490 goto done;
491 }
492 }
493
494 status = connect_and_get_info(mem_ctx, net_ctx, &cli[0], &pipe_hnd[0],
495 &pol_hnd[0], &dom_data[0], &session_key[0]);
496 if (!NT_STATUS_IS_OK(status)) {
497 DEBUG(0, ("connect_and_get_info failed with error [%s]\n",
498 nt_errstr(status)));
499 goto done;
500 }
501
502 if (other_net_ctx != NULL) {
503 status = connect_and_get_info(mem_ctx, other_net_ctx,
504 &cli[1], &pipe_hnd[1],
505 &pol_hnd[1], &dom_data[1],
506 &session_key[1]);
507 if (!NT_STATUS_IS_OK(status)) {
508 DEBUG(0, ("connect_and_get_info failed with error [%s]\n",
509 nt_errstr(status)));
510 goto done;
511 }
512 }
513
514 if (op == TRUST_CREATE) {
515 if (trust_pw == NULL) {
516 if (other_net_ctx == NULL) {
517 DEBUG(0, ("Missing either trustpw or otherhost.\n"));
518 goto done;
519 }
520
521 DEBUG(0, ("Using random trust password.\n"));
522 trust_pw = trust_pw_new_value(mem_ctx,
523 SEC_CHAN_DOMAIN,
524 SEC_DOMAIN);
525 if (trust_pw == NULL) {
526 DEBUG(0, ("generate_random_password failed.\n"));
527 goto done;
528 }
529 } else {
530 DEBUG(0, ("Using user provided password.\n"));
531 }
532
533 if (!get_trust_domain_passwords_auth_blob(mem_ctx, trust_pw,
534 &auth_blob)) {
535 DEBUG(0, ("get_trust_domain_passwords_auth_blob failed\n"));
536 goto done;
537 }
538
539 authinfo.auth_blob.data = (uint8_t *)talloc_memdup(
540 mem_ctx,
541 auth_blob.data,
542 auth_blob.length);
543 if (authinfo.auth_blob.data == NULL) {
544 goto done;
545 }
546 authinfo.auth_blob.size = auth_blob.length;
547
548 arcfour_crypt_blob(authinfo.auth_blob.data,
549 authinfo.auth_blob.size,
550 &session_key[0]);
551
552 status = create_trust(mem_ctx, pipe_hnd[0]->binding_handle,
553 &pol_hnd[0],
554 dom_data[1].domain_name,
555 dom_data[1].dns_domain_name,
556 dom_data[1].domsid,
557 &authinfo);
558 if (!NT_STATUS_IS_OK(status)) {
559 DEBUG(0, ("create_trust failed with error [%s].\n",
560 nt_errstr(status)));
561 goto done;
562 }
563
564 if (other_net_ctx != NULL) {
565 talloc_free(authinfo.auth_blob.data);
566 authinfo.auth_blob.data = (uint8_t *)talloc_memdup(
567 mem_ctx,
568 auth_blob.data,
569 auth_blob.length);
570 if (authinfo.auth_blob.data == NULL) {
571 goto done;
572 }
573 authinfo.auth_blob.size = auth_blob.length;
574
575 arcfour_crypt_blob(authinfo.auth_blob.data,
576 authinfo.auth_blob.size,
577 &session_key[1]);
578
579 status = create_trust(mem_ctx,
580 pipe_hnd[1]->binding_handle,
581 &pol_hnd[1],
582 dom_data[0].domain_name,
583 dom_data[0].dns_domain_name,
584 dom_data[0].domsid, &authinfo);
585 if (!NT_STATUS_IS_OK(status)) {
586 DEBUG(0, ("create_trust failed with error [%s].\n",
587 nt_errstr(status)));
588 goto done;
589 }
590 }
591 } else if (op == TRUST_DELETE) {
592 status = delete_trust(mem_ctx, pipe_hnd[0]->binding_handle,
593 &pol_hnd[0], dom_data[1].domsid);
594 if (!NT_STATUS_IS_OK(status)) {
595 DEBUG(0, ("delete_trust failed with [%s].\n",
596 nt_errstr(status)));
597 goto done;
598 }
599
600 if (other_net_ctx != NULL) {
601 status = delete_trust(mem_ctx,
602 pipe_hnd[1]->binding_handle,
603 &pol_hnd[1], dom_data[0].domsid);
604 if (!NT_STATUS_IS_OK(status)) {
605 DEBUG(0, ("delete_trust failed with [%s].\n",
606 nt_errstr(status)));
607 goto done;
608 }
609 }
610 }
611
612 status = close_handle(mem_ctx, pipe_hnd[0]->binding_handle,
613 &pol_hnd[0]);
614 if (!NT_STATUS_IS_OK(status)) {
615 DEBUG(0, ("close_handle failed with error [%s].\n",
616 nt_errstr(status)));
617 goto done;
618 }
619
620 if (other_net_ctx != NULL) {
621 status = close_handle(mem_ctx, pipe_hnd[1]->binding_handle,
622 &pol_hnd[1]);
623 if (!NT_STATUS_IS_OK(status)) {
624 DEBUG(0, ("close_handle failed with error [%s].\n",
625 nt_errstr(status)));
626 goto done;
627 }
628 }
629
630 success = 0;
631
632 done:
633 data_blob_clear_free(&session_key[0]);
634 data_blob_clear_free(&session_key[1]);
635 cli_shutdown(cli[0]);
636 cli_shutdown(cli[1]);
637 talloc_destroy(mem_ctx);
638 return success;
639 }
640
641 static int rpc_trust_create(struct net_context *net_ctx, int argc,
642 const char **argv)
643 {
644 return rpc_trust_common(net_ctx, argc, argv, TRUST_CREATE);
645 }
646
647 static int rpc_trust_delete(struct net_context *net_ctx, int argc,
648 const char **argv)
649 {
650 return rpc_trust_common(net_ctx, argc, argv, TRUST_DELETE);
651 }
652
653 int net_rpc_trust(struct net_context *c, int argc, const char **argv)
654 {
655 struct functable func[] = {
656 {
657 "create",
658 rpc_trust_create,
659 NET_TRANSPORT_RPC,
660 N_("Create trusts"),
661 N_("net rpc trust create\n"
662 " Create trusts")
663 },
664 {
665 "delete",
666 rpc_trust_delete,
667 NET_TRANSPORT_RPC,
668 N_("Remove trusts"),
669 N_("net rpc trust delete\n"
670 " Remove trusts")
671 },
672 {NULL, NULL, 0, NULL, NULL}
673 };
674
675 return net_run_function(c, argc, argv, "net rpc trust", func);
676 }
Samba GIT mirror