       1             : /*
       2             :    Samba Unix/Linux SMB client library
       3             :    Distributed SMB/CIFS Server Management Utility
       4             :    Copyright (C) 2011 Sumit Bose (sbose@redhat.com)
       5             : 
       6             :    This program is free software; you can redistribute it and/or modify
       7             :    it under the terms of the GNU General Public License as published by
       8             :    the Free Software Foundation; either version 3 of the License, or
       9             :    (at your option) any later version.
      10             : 
      11             :    This program is distributed in the hope that it will be useful,
      12             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :    GNU General Public License for more details.
      15             : 
      16             :    You should have received a copy of the GNU General Public License
      17             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
      18             : 
      19             : 
      20             : #include "includes.h"
      21             : #include "utils/net.h"
      22             : #include "rpc_client/cli_pipe.h"
      23             : #include "rpc_client/cli_lsarpc.h"
      24             : #include "librpc/gen_ndr/ndr_drsblobs.h"
      25             : #include "../librpc/gen_ndr/ndr_lsa_c.h"
      26             : #include "../libcli/security/dom_sid.h"
      27             : #include "libsmb/libsmb.h"
      28             : 
      29             : #include "lib/crypto/gnutls_helpers.h"
      30             : #include <gnutls/gnutls.h>
      31             : #include <gnutls/crypto.h>
      32             : 
/*
 * Prefixes of the key=value arguments understood by parse_trust_args().
 * The text following the '=' is taken verbatim as the value; the -1 in
 * the sizeof(...)-1 comparisons below drops the terminating NUL.
 */
#define ARG_OTHERSERVER "otherserver="
#define ARG_OTHERUSER "otheruser="
#define ARG_OTHERDOMAINSID "otherdomainsid="
#define ARG_OTHERDOMAIN "otherdomain="
#define ARG_OTHERNETBIOSDOMAIN "other_netbios_domain="
#define ARG_TRUSTPW "trustpw="
      39             : 
/* Which operation rpc_trust_common() carries out. */
enum trust_op {
	TRUST_CREATE,	/* create a trust in both directions, see create_trust() */
	TRUST_DELETE	/* remove an existing trust by SID, see delete_trust() */
};
      44             : 
/*
 * Command-line description of the "other" side of the trust, as parsed
 * by parse_trust_args(). Every member is an optional talloc'ed copy of the
 * corresponding ARG_* value and stays NULL when the argument was not given.
 */
struct other_dom_data {
	char *host;		/* otherserver=   DC to contact in the other domain */
	char *user_name;	/* otheruser=     account used for that connection */
	char *domain_sid_str;	/* otherdomainsid= SID in string form */
	char *dns_domain_name;	/* otherdomain=   DNS name of the other domain */
	char *domain_name;	/* other_netbios_domain= short/NetBIOS name */
};
      52             : 
/*
 * Identity of one domain taking part in the trust. Filled either from
 * the DC itself via get_domain_info() (LSA_POLICY_INFO_DNS) or, when no
 * otherserver= was given, from the parsed other_dom_data values.
 */
struct dom_data {
	struct dom_sid *domsid;	/* domain SID */
	char *dns_domain_name;	/* DNS domain name */
	char *domain_name;	/* short/NetBIOS domain name */
};
      58             : 
/*
 * Close an LSA policy handle with lsa_Close().
 *
 * Both the transport status of the call and the server's result are
 * checked; whichever fails first is logged at debug level 0 and returned.
 *
 * Returns NT_STATUS_OK when the handle was closed.
 */
static NTSTATUS close_handle(TALLOC_CTX *mem_ctx,
			     struct dcerpc_binding_handle *bind_hnd,
			     struct policy_handle *pol_hnd)
{
	NTSTATUS result = NT_STATUS_OK;
	NTSTATUS status = dcerpc_lsa_Close(bind_hnd, mem_ctx, pol_hnd, &result);

	if (NT_STATUS_IS_OK(status)) {
		if (NT_STATUS_IS_OK(result)) {
			return NT_STATUS_OK;
		}
		/* the RPC went through but the server refused the close */
		DEBUG(0, ("lsa close failed with error [%s].\n",
			  nt_errstr(result)));
		return result;
	}

	DEBUG(0, ("dcerpc_lsa_Close failed with error [%s].\n",
		  nt_errstr(status)));
	return status;
}
      80             : 
/*
 * Remove the trusted-domain object identified by domsid using
 * lsa_DeleteTrustedDomain on the policy handle pol_hnd.
 *
 * Transport failures and server-side failures are logged at level 0 and
 * returned as-is.
 *
 * Returns NT_STATUS_OK on success.
 */
static NTSTATUS delete_trust(TALLOC_CTX *mem_ctx,
			     struct dcerpc_binding_handle *bind_hnd,
			     struct policy_handle *pol_hnd,
			     struct dom_sid *domsid)
{
	struct lsa_DeleteTrustedDomain dr = {
		.in.handle = pol_hnd,
		.in.dom_sid = domsid,
	};
	NTSTATUS status;

	status = dcerpc_lsa_DeleteTrustedDomain_r(bind_hnd, mem_ctx, &dr);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("dcerpc_lsa_DeleteTrustedDomain_r failed with [%s]\n",
			  nt_errstr(status)));
		return status;
	}

	status = dr.out.result;
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("DeleteTrustedDomain returned [%s]\n",
			  nt_errstr(status)));
		return status;
	}

	return NT_STATUS_OK;
}
     106             : 
/*
 * Create a trusted-domain object for the domain identified by domsid via
 * lsa_CreateTrustedDomainEx2.
 *
 * The trust is requested in both directions (inbound and outbound), of
 * type UPLEVEL and with the FOREST_TRANSITIVE attribute. trust_name is the
 * short name, trust_name_dns the DNS name of the other domain. authinfo is
 * the caller-prepared auth_info_internal blob and is passed through
 * unchanged.
 *
 * NOTE(review): the trusted-domain handle the server returns in
 * r.out.trustdom_handle is not closed here; presumably it is released
 * together with the connection — confirm.
 *
 * Returns NT_STATUS_OK on success, otherwise the transport status or the
 * server result, each logged at level 0.
 */
static NTSTATUS create_trust(TALLOC_CTX *mem_ctx,
			     struct dcerpc_binding_handle *bind_hnd,
			     struct policy_handle *pol_hnd,
			     const char *trust_name,
			     const char *trust_name_dns,
			     struct dom_sid *domsid,
			     struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
{
	struct policy_handle trustdom_handle;
	struct lsa_TrustDomainInfoInfoEx trustinfo = {
		.sid = domsid,
		.netbios_name.string = trust_name,
		.domain_name.string = trust_name_dns,
		.trust_direction = LSA_TRUST_DIRECTION_INBOUND |
				   LSA_TRUST_DIRECTION_OUTBOUND,
		.trust_type = LSA_TRUST_TYPE_UPLEVEL,
		.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE,
	};
	struct lsa_CreateTrustedDomainEx2 r = {
		.in.policy_handle = pol_hnd,
		.in.info = &trustinfo,
		.in.auth_info_internal = authinfo,
		.in.access_mask = LSA_TRUSTED_SET_POSIX |
				  LSA_TRUSTED_SET_AUTH |
				  LSA_TRUSTED_QUERY_DOMAIN_NAME,
		.out.trustdom_handle = &trustdom_handle,
	};
	NTSTATUS status;

	status = dcerpc_lsa_CreateTrustedDomainEx2_r(bind_hnd, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("dcerpc_lsa_CreateTrustedDomainEx2_r failed "
			  "with error [%s].\n", nt_errstr(status)));
		return status;
	}

	status = r.out.result;
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("CreateTrustedDomainEx2_r returned [%s].\n",
			  nt_errstr(status)));
		return status;
	}

	return NT_STATUS_OK;
}
     152             : 
/*
 * Query the DC's own domain identity (LSA_POLICY_INFO_DNS) through
 * lsa_QueryInfoPolicy2 and copy it into dom_data.
 *
 * dom_data->domain_name receives dns.name (the short name),
 * dom_data->dns_domain_name receives dns.dns_domain and dom_data->domsid
 * a duplicate of dns.sid; all three are talloc children of mem_ctx.
 * The result is logged at debug level 0.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_NO_MEMORY when any copy
 * fails, otherwise the transport status or server result (logged).
 */
static NTSTATUS get_domain_info(TALLOC_CTX *mem_ctx,
				struct dcerpc_binding_handle *bind_hnd,
				struct policy_handle *pol_hnd,
				struct dom_data *dom_data)
{
	struct lsa_QueryInfoPolicy2 qr = {
		.in.handle = pol_hnd,
		.in.level = LSA_POLICY_INFO_DNS,
	};
	struct dom_sid_buf sidbuf;
	NTSTATUS status;

	status = dcerpc_lsa_QueryInfoPolicy2_r(bind_hnd, mem_ctx, &qr);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("dcerpc_lsa_QueryInfoPolicy2_r failed "
			  "with error [%s].\n", nt_errstr(status)));
		return status;
	}

	status = qr.out.result;
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("QueryInfoPolicy2 returned [%s].\n",
			  nt_errstr(status)));
		return status;
	}

	/* all three copies are attempted before the single NULL check */
	dom_data->domain_name =
		talloc_strdup(mem_ctx, (*qr.out.info)->dns.name.string);
	dom_data->dns_domain_name =
		talloc_strdup(mem_ctx, (*qr.out.info)->dns.dns_domain.string);
	dom_data->domsid = dom_sid_dup(mem_ctx, (*qr.out.info)->dns.sid);

	if (dom_data->domain_name != NULL &&
	    dom_data->dns_domain_name != NULL &&
	    dom_data->domsid != NULL) {
		DEBUG(0, ("Got the following domain info [%s][%s][%s].\n",
			  dom_data->domain_name, dom_data->dns_domain_name,
			  dom_sid_str_buf(dom_data->domsid, &sidbuf)));
		return NT_STATUS_OK;
	}

	DEBUG(0, ("Copying domain data failed.\n"));
	return NT_STATUS_NO_MEMORY;
}
     196             : 
/*
 * Connect to the DC selected by net_ctx and open an LSA policy handle
 * with the rights needed to manage trusts.
 *
 * Out-parameters, filled in this order: *cli (the IPC connection made by
 * net_make_ipc_connection_ex with NET_FLAGS_PDC), *pipe_hnd (the lsarpc
 * pipe), *pol_hnd (policy handle opened with VIEW_LOCAL_INFORMATION |
 * TRUST_ADMIN | CREATE_SECRET), *dom_data (the DC's domain names and SID,
 * see get_domain_info()) and *session_key (what cli_get_session_key()
 * reports for the pipe; rpc_trust_common() feeds it to a gnutls cipher).
 *
 * On failure the connection and pipe established so far are left open;
 * the caller is expected to tear them down together with mem_ctx.
 *
 * NOTE(review): the pipe is opened with cli_rpc_pipe_open_noauth(), i.e.
 * without a DCERPC authentication level, so protection of the traffic
 * rests on the underlying SMB session — confirm that is intended.
 */
static NTSTATUS connect_and_get_info(TALLOC_CTX *mem_ctx,
				     struct net_context *net_ctx,
				     struct cli_state **cli,
				     struct rpc_pipe_client **pipe_hnd,
				     struct policy_handle *pol_hnd,
				     struct dom_data *dom_data,
				     DATA_BLOB *session_key)
{
	const uint32_t desired_access = LSA_POLICY_VIEW_LOCAL_INFORMATION |
					LSA_POLICY_TRUST_ADMIN |
					LSA_POLICY_CREATE_SECRET;
	struct dcerpc_binding_handle *b;
	NTSTATUS result = NT_STATUS_OK;
	NTSTATUS status;

	status = net_make_ipc_connection_ex(net_ctx, NULL, NULL, NULL,
					    NET_FLAGS_PDC, cli);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to connect to [%s] with error [%s]\n",
			  net_ctx->opt_host, nt_errstr(status)));
		return status;
	}

	status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, pipe_hnd);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to initialise lsa pipe with error [%s]\n",
			  nt_errstr(status)));
		return status;
	}
	b = (*pipe_hnd)->binding_handle;

	status = dcerpc_lsa_open_policy2(b,
					 mem_ctx,
					 (*pipe_hnd)->srv_name_slash,
					 false,
					 desired_access,
					 pol_hnd,
					 &result);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to open policy handle with error [%s]\n",
			  nt_errstr(status)));
		return status;
	}
	if (!NT_STATUS_IS_OK(result)) {
		DEBUG(0, ("lsa_open_policy2 with error [%s]\n",
			  nt_errstr(result)));
		return result;
	}

	status = get_domain_info(mem_ctx, b, pol_hnd, dom_data);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("get_domain_info failed with error [%s].\n",
			  nt_errstr(status)));
		return status;
	}

	status = cli_get_session_key(mem_ctx, *pipe_hnd, session_key);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("Error getting session_key of LSA pipe. Error was %s\n",
			nt_errstr(status)));
		return status;
	}

	return NT_STATUS_OK;
}
     260             : 
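/*
 * Build the NDR-encoded trustDomainPasswords blob carrying the clear-text
 * trust password for both directions of the trust.
 *
 * The password is converted from the unix charset to UTF-16 and stored as
 * a single TRUST_AUTH_TYPE_CLEAR entry that serves as the "current"
 * password of both the incoming and the outgoing side; no "previous"
 * password is set. The structure starts with a random confounder.
 *
 * Every allocation (the UTF-16 copy, the entry array, *auth_blob) hangs
 * off mem_ctx and is the caller's to release; on failure whatever was
 * already allocated stays attached to mem_ctx.
 *
 * NOTE(review): the UTF-16 copy of the password and the resulting blob
 * are not zeroised here and live as long as mem_ctx does.
 *
 * Returns true on success, false on allocation, charset-conversion or
 * NDR push failure.
 */
static bool get_trust_domain_passwords_auth_blob(TALLOC_CTX *mem_ctx,
						 const char *password,
						 DATA_BLOB *auth_blob)
{
	struct trustDomainPasswords auth_struct;
	struct AuthenticationInformation *auth_info_array;
	enum ndr_err_code ndr_err;
	size_t converted_size;

	/*
	 * Zero the whole structure first: members not set explicitly below
	 * would otherwise be marshalled as uninitialised stack bytes.
	 */
	ZERO_STRUCT(auth_struct);
	generate_random_buffer(auth_struct.confounder,
			       sizeof(auth_struct.confounder));

	/*
	 * talloc_zero_array instead of talloc_array: fields of the entry that
	 * are not assigned here (e.g. LastUpdateTime) are part of the wire
	 * format and must not carry uninitialised heap contents.
	 */
	auth_info_array = talloc_zero_array(mem_ctx,
					    struct AuthenticationInformation, 1);
	if (auth_info_array == NULL) {
		return false;
	}

	auth_info_array[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
	if (!convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16, password,
				  strlen(password),
				  &auth_info_array[0].AuthInfo.clear.password,
				  &converted_size)) {
		return false;
	}
	auth_info_array[0].AuthInfo.clear.size = converted_size;

	/* the same single entry is the current password in both directions */
	auth_struct.outgoing.count = 1;
	auth_struct.outgoing.current.count = 1;
	auth_struct.outgoing.current.array = auth_info_array;
	auth_struct.outgoing.previous.count = 0;
	auth_struct.outgoing.previous.array = NULL;

	auth_struct.incoming.count = 1;
	auth_struct.incoming.current.count = 1;
	auth_struct.incoming.current.array = auth_info_array;
	auth_struct.incoming.previous.count = 0;
	auth_struct.incoming.previous.array = NULL;

	ndr_err = ndr_push_struct_blob(auth_blob, mem_ctx, &auth_struct,
				       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return false;
	}

	return true;
}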
     309             : 
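/*
 * Parse the key=value arguments of "net rpc trust create|delete".
 *
 * Recognised keys are the ARG_* prefixes defined above; the value is the
 * remainder of the argument and may be empty. The "other domain" values
 * are collected in a freshly allocated struct other_dom_data (child of
 * mem_ctx) handed back via *_o; a trustpw= value is handed back via
 * *_trustpw as a copy allocated directly on mem_ctx. When a key is given
 * more than once the last value wins and the earlier copy is freed.
 *
 * Returns 0 on success, EINVAL when there are no arguments or an unknown
 * option is seen (the caller prints usage), ENOMEM on allocation failure.
 * On error nothing is stored in the out-parameters and all partial
 * allocations are released.
 *
 * NOTE(review): trustpw= takes the trust password from the command line,
 * where it is visible to other local users through the process list.
 */
static int parse_trust_args(TALLOC_CTX *mem_ctx, int argc, const char **argv,
			    struct other_dom_data **_o, char **_trustpw)
{
	struct other_dom_data *o = NULL;
	char *trustpw = NULL;
	int ret = EFAULT;
	int c;

	/* <= 0 rather than == 0: a negative argc must never reach the loop */
	if (argc <= 0) {
		return EINVAL;
	}

	o = talloc_zero(mem_ctx, struct other_dom_data);
	if (o == NULL) {
		DEBUG(0, ("talloc_zero failed.\n"));
		return ENOMEM;
	}

	/*
	 * Dispatch table, in the same order as the original if/else chain:
	 * prefix, its length without the NUL, the talloc parent of the copy
	 * and where the copy is stored.
	 */
	const struct {
		const char *prefix;
		size_t len;
		TALLOC_CTX *ctx;
		char **dst;
	} opts[] = {
		{ ARG_OTHERSERVER, sizeof(ARG_OTHERSERVER) - 1,
		  o, &o->host },
		{ ARG_OTHERUSER, sizeof(ARG_OTHERUSER) - 1,
		  o, &o->user_name },
		{ ARG_OTHERDOMAINSID, sizeof(ARG_OTHERDOMAINSID) - 1,
		  o, &o->domain_sid_str },
		{ ARG_OTHERDOMAIN, sizeof(ARG_OTHERDOMAIN) - 1,
		  o, &o->dns_domain_name },
		{ ARG_OTHERNETBIOSDOMAIN, sizeof(ARG_OTHERNETBIOSDOMAIN) - 1,
		  o, &o->domain_name },
		{ ARG_TRUSTPW, sizeof(ARG_TRUSTPW) - 1,
		  mem_ctx, &trustpw },
	};
	const size_t nopts = sizeof(opts) / sizeof(opts[0]);

	for (c = 0; c < argc; c++) {
		size_t i;

		for (i = 0; i < nopts; i++) {
			if (strnequal(argv[c], opts[i].prefix, opts[i].len)) {
				break;
			}
		}
		if (i == nopts) {
			DEBUG(0, ("Unsupported option [%s].\n", argv[c]));
			ret = EINVAL;
			goto failed;
		}

		/* a repeated key replaces the earlier value instead of
		 * leaving a stale copy attached to the context */
		talloc_free(*opts[i].dst);
		*opts[i].dst = talloc_strdup(opts[i].ctx,
					     argv[c] + opts[i].len);
		if (*opts[i].dst == NULL) {
			ret = ENOMEM;
			goto failed;
		}
	}

	*_o = o;
	*_trustpw = trustpw;

	return 0;

failed:
	talloc_free(o);
	talloc_free(trustpw);
	return ret;
}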
     381             : 
/*
 * Print the usage text of "net rpc trust delete". The header and footer
 * lines are translatable; the option list in between is emitted verbatim.
 */
static void print_trust_delete_usage(void)
{
	d_printf("%s\n", _("Usage:"));
	d_printf("net rpc trust delete [options]\n"
		 "\nOptions:\n"
		 "\totherserver=DC in other domain\n"
		 "\totheruser=Admin user in other domain\n"
		 "\totherdomainsid=SID of other domain\n"
		 "\nExamples:\n"
		 "\tnet rpc trust delete otherserver=oname otheruser=ouser -S lname -U luser\n"
		 "\tnet rpc trust delete otherdomainsid=S-... -S lname -U luser\n");
	d_printf("  %s\n", _("Remove trust between two domains"));
}
     397             : 
/*
 * Print the usage text of "net rpc trust create". The header and footer
 * lines are translatable; the option list in between is emitted verbatim.
 */
static void print_trust_usage(void)
{
	d_printf("%s\n", _("Usage:"));
	d_printf("net rpc trust create [options]\n"
		 "\nOptions:\n"
		 "\totherserver=DC in other domain\n"
		 "\totheruser=Admin user in other domain\n"
		 "\totherdomainsid=SID of other domain\n"
		 "\tother_netbios_domain=NetBIOS/short name of other domain\n"
		 "\totherdomain=Full/DNS name of other domain\n"
		 "\ttrustpw=Trust password\n"
		 "\nExamples:\n"
		 "\tnet rpc trust create otherserver=oname otheruser=ouser -S lname -U luser\n"
		 "\tnet rpc trust create otherdomainsid=S-... other_netbios_domain=odom otherdomain=odom.org trustpw=secret -S lname -U luser\n");
	d_printf("  %s\n", _("Create trust between two domains"));
}
     416             : 
     417           0 : static int rpc_trust_common(struct net_context *net_ctx, int argc,
     418             :                             const char **argv, enum trust_op op)
     419             : {
     420           0 :         TALLOC_CTX *mem_ctx;
     421           0 :         NTSTATUS status;
     422           0 :         int ret;
     423           0 :         int success = -1;
     424           0 :         struct cli_state *cli[2] = {NULL, NULL};
     425           0 :         struct rpc_pipe_client *pipe_hnd[2] = {NULL, NULL};
     426           0 :         DATA_BLOB session_key[2];
     427           0 :         struct policy_handle pol_hnd[2];
     428           0 :         struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
     429           0 :         DATA_BLOB auth_blob;
     430           0 :         char *trust_pw = NULL;
     431           0 :         struct other_dom_data *other_dom_data;
     432           0 :         struct net_context *other_net_ctx = NULL;
     433           0 :         struct dom_data dom_data[2];
     434           0 :         void (*usage)(void);
     435             : 
     436           0 :         ZERO_STRUCT(session_key);
     437             : 
     438           0 :         switch (op) {
     439           0 :                 case TRUST_CREATE:
     440           0 :                         usage = print_trust_usage;
     441           0 :                         break;
     442           0 :                 case TRUST_DELETE:
     443           0 :                         usage = print_trust_delete_usage;
     444           0 :                         break;
     445           0 :                 default:
     446           0 :                         DEBUG(0, ("Unsupported trust operation.\n"));
     447           0 :                         return -1;
     448             :         }
     449             : 
     450           0 :         if (net_ctx->display_usage) {
     451           0 :                 usage();
     452           0 :                 return 0;
     453             :         }
     454             : 
     455           0 :         mem_ctx = talloc_init("trust op");
     456           0 :         if (mem_ctx == NULL) {
     457           0 :                 DEBUG(0, ("talloc_init failed.\n"));
     458           0 :                 return -1;
     459             :         }
     460             : 
     461           0 :         ret = parse_trust_args(mem_ctx, argc, argv, &other_dom_data, &trust_pw);
     462           0 :         if (ret != 0) {
     463           0 :                 if (ret == EINVAL) {
     464           0 :                         usage();
     465             :                 } else {
     466           0 :                         DEBUG(0, ("Failed to parse arguments.\n"));
     467             :                 }
     468           0 :                 goto done;
     469             :         }
     470             : 
     471           0 :         if (other_dom_data->host != 0) {
     472           0 :                 other_net_ctx = talloc_zero(other_dom_data, struct net_context);
     473           0 :                 if (other_net_ctx == NULL) {
     474           0 :                         DEBUG(0, ("talloc_zero failed.\n"));
     475           0 :                         goto done;
     476             :                 }
     477             : 
     478           0 :                 other_net_ctx->opt_host = other_dom_data->host;
     479           0 :                 other_net_ctx->opt_user_name = other_dom_data->user_name;
     480           0 :                 other_net_ctx->opt_user_specified = true;
     481             :         } else {
     482           0 :                 dom_data[1].domsid = dom_sid_parse_talloc(mem_ctx,
     483           0 :                                                 other_dom_data->domain_sid_str);
     484           0 :                 dom_data[1].domain_name = other_dom_data->domain_name;
     485           0 :                 dom_data[1].dns_domain_name = other_dom_data->dns_domain_name;
     486             : 
     487           0 :                 if (dom_data[1].domsid == NULL ||
     488           0 :                     (op == TRUST_CREATE &&
     489           0 :                      (dom_data[1].domain_name == NULL ||
     490           0 :                       dom_data[1].dns_domain_name == NULL))) {
     491           0 :                         DEBUG(0, ("Missing required argument.\n"));
     492           0 :                         usage();
     493           0 :                         goto done;
     494             :                 }
     495             :         }
     496             : 
     497           0 :         status = connect_and_get_info(mem_ctx, net_ctx, &cli[0], &pipe_hnd[0],
     498             :                                       &pol_hnd[0], &dom_data[0], &session_key[0]);
     499           0 :         if (!NT_STATUS_IS_OK(status)) {
     500           0 :                 DEBUG(0, ("connect_and_get_info failed with error [%s]\n",
     501             :                           nt_errstr(status)));
     502           0 :                 goto done;
     503             :         }
     504             : 
     505           0 :         if (other_net_ctx != NULL) {
     506           0 :                 status = connect_and_get_info(mem_ctx, other_net_ctx,
     507             :                                               &cli[1], &pipe_hnd[1],
     508             :                                               &pol_hnd[1], &dom_data[1],
     509             :                                               &session_key[1]);
     510           0 :                 if (!NT_STATUS_IS_OK(status)) {
     511           0 :                         DEBUG(0, ("connect_and_get_info failed with error [%s]\n",
     512             :                                   nt_errstr(status)));
     513           0 :                         goto done;
     514             :                 }
     515             :         }
     516             : 
     517           0 :         if (op == TRUST_CREATE) {
     518           0 :                 gnutls_cipher_hd_t cipher_hnd = NULL;
     519           0 :                 gnutls_datum_t enc_session_key = {
     520           0 :                         .data = session_key[0].data,
     521           0 :                         .size = session_key[0].length,
     522             :                 };
     523           0 :                 int rc;
     524             : 
     525           0 :                 if (trust_pw == NULL) {
     526           0 :                         if (other_net_ctx == NULL) {
     527           0 :                                 DEBUG(0, ("Missing either trustpw or otherhost.\n"));
     528           0 :                                 goto done;
     529             :                         }
     530             : 
     531           0 :                         DEBUG(0, ("Using random trust password.\n"));
     532           0 :                         trust_pw = trust_pw_new_value(mem_ctx,
     533             :                                                       SEC_CHAN_DOMAIN,
     534             :                                                       SEC_DOMAIN);
     535           0 :                         if (trust_pw == NULL) {
     536           0 :                                 DEBUG(0, ("generate_random_password failed.\n"));
     537           0 :                                 goto done;
     538             :                         }
     539             :                 } else {
     540           0 :                         DEBUG(0, ("Using user provided password.\n"));
     541             :                 }
     542             : 
     543           0 :                 if (!get_trust_domain_passwords_auth_blob(mem_ctx, trust_pw,
     544             :                                                           &auth_blob)) {
     545           0 :                         DEBUG(0, ("get_trust_domain_passwords_auth_blob failed\n"));
     546           0 :                         goto done;
     547             :                 }
     548             : 
     549           0 :                 authinfo.auth_blob.data = (uint8_t *)talloc_memdup(
     550             :                                                         mem_ctx,
     551             :                                                         auth_blob.data,
     552             :                                                         auth_blob.length);
     553           0 :                 if (authinfo.auth_blob.data == NULL) {
     554           0 :                         goto done;
     555             :                 }
     556           0 :                 authinfo.auth_blob.size = auth_blob.length;
     557             : 
     558           0 :                 rc = gnutls_cipher_init(&cipher_hnd,
     559             :                                         GNUTLS_CIPHER_ARCFOUR_128,
     560             :                                         &enc_session_key,
     561             :                                         NULL);
     562           0 :                 if (rc < 0) {
     563           0 :                         status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
     564           0 :                         goto done;
     565             :                 }
     566           0 :                 rc = gnutls_cipher_encrypt(cipher_hnd,
     567           0 :                                            authinfo.auth_blob.data,
     568           0 :                                            authinfo.auth_blob.size);
     569           0 :                 gnutls_cipher_deinit(cipher_hnd);
     570           0 :                 if (rc < 0) {
     571           0 :                         status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
     572           0 :                         goto done;
     573             :                 }
     574             : 
     575           0 :                 status = create_trust(mem_ctx, pipe_hnd[0]->binding_handle,
     576             :                                       &pol_hnd[0],
     577           0 :                                       dom_data[1].domain_name,
     578           0 :                                       dom_data[1].dns_domain_name,
     579             :                                       dom_data[1].domsid,
     580             :                                       &authinfo);
     581           0 :                 if (!NT_STATUS_IS_OK(status)) {
     582           0 :                         DEBUG(0, ("create_trust failed with error [%s].\n",
     583             :                         nt_errstr(status)));
     584           0 :                         goto done;
     585             :                 }
     586             : 
     587           0 :                 if (other_net_ctx != NULL) {
     588           0 :                         talloc_free(authinfo.auth_blob.data);
     589           0 :                         authinfo.auth_blob.data = (uint8_t *)talloc_memdup(
     590             :                                                                 mem_ctx,
     591             :                                                                 auth_blob.data,
     592             :                                                                 auth_blob.length);
     593           0 :                         if (authinfo.auth_blob.data == NULL) {
     594           0 :                                 goto done;
     595             :                         }
     596           0 :                         authinfo.auth_blob.size = auth_blob.length;
     597             : 
     598           0 :                         enc_session_key = (gnutls_datum_t) {
     599           0 :                                 .data = session_key[1].data,
     600           0 :                                 .size = session_key[1].length,
     601             :                         };
     602             : 
     603           0 :                         rc = gnutls_cipher_init(&cipher_hnd,
     604             :                                                 GNUTLS_CIPHER_ARCFOUR_128,
     605             :                                                 &enc_session_key,
     606             :                                                 NULL);
     607           0 :                         if (rc < 0) {
     608           0 :                                 status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
     609           0 :                                 goto done;
     610             :                         }
     611           0 :                         rc = gnutls_cipher_encrypt(cipher_hnd,
     612           0 :                                                    authinfo.auth_blob.data,
     613           0 :                                                    authinfo.auth_blob.size);
     614           0 :                         gnutls_cipher_deinit(cipher_hnd);
     615           0 :                         if (rc < 0) {
     616           0 :                                 status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
     617           0 :                                 goto done;
     618             :                         }
     619             : 
     620           0 :                         status = create_trust(mem_ctx,
     621           0 :                                               pipe_hnd[1]->binding_handle,
     622             :                                               &pol_hnd[1],
     623           0 :                                               dom_data[0].domain_name,
     624           0 :                                               dom_data[0].dns_domain_name,
     625             :                                               dom_data[0].domsid, &authinfo);
     626           0 :                         if (!NT_STATUS_IS_OK(status)) {
     627           0 :                                 DEBUG(0, ("create_trust failed with error [%s].\n",
     628             :                                 nt_errstr(status)));
     629           0 :                                 goto done;
     630             :                         }
     631             :                 }
     632           0 :         } else if (op == TRUST_DELETE) {
     633           0 :                 status = delete_trust(mem_ctx, pipe_hnd[0]->binding_handle,
     634             :                                       &pol_hnd[0], dom_data[1].domsid);
     635           0 :                 if (!NT_STATUS_IS_OK(status)) {
     636           0 :                         DEBUG(0, ("delete_trust failed with [%s].\n",
     637             :                                   nt_errstr(status)));
     638           0 :                         goto done;
     639             :                 }
     640             : 
     641           0 :                 if (other_net_ctx != NULL) {
     642           0 :                         status = delete_trust(mem_ctx,
     643           0 :                                               pipe_hnd[1]->binding_handle,
     644             :                                               &pol_hnd[1], dom_data[0].domsid);
     645           0 :                         if (!NT_STATUS_IS_OK(status)) {
     646           0 :                                 DEBUG(0, ("delete_trust failed with [%s].\n",
     647             :                                           nt_errstr(status)));
     648           0 :                                 goto done;
     649             :                         }
     650             :                 }
     651             :         }
     652             : 
     653           0 :         status = close_handle(mem_ctx, pipe_hnd[0]->binding_handle,
     654             :                               &pol_hnd[0]);
     655           0 :         if (!NT_STATUS_IS_OK(status)) {
     656           0 :                 DEBUG(0, ("close_handle failed with error [%s].\n",
     657             :                           nt_errstr(status)));
     658           0 :                 goto done;
     659             :         }
     660             : 
     661           0 :         if (other_net_ctx != NULL) {
     662           0 :                 status = close_handle(mem_ctx, pipe_hnd[1]->binding_handle,
     663             :                                       &pol_hnd[1]);
     664           0 :                 if (!NT_STATUS_IS_OK(status)) {
     665           0 :                         DEBUG(0, ("close_handle failed with error [%s].\n",
     666             :                                   nt_errstr(status)));
     667           0 :                         goto done;
     668             :                 }
     669             :         }
     670             : 
     671           0 :         success = 0;
     672             : 
     673           0 : done:
     674           0 :         data_blob_clear_free(&session_key[0]);
     675           0 :         data_blob_clear_free(&session_key[1]);
     676           0 :         cli_shutdown(cli[0]);
     677           0 :         cli_shutdown(cli[1]);
     678           0 :         talloc_destroy(mem_ctx);
     679           0 :         return success;
     680             : }
     681             : 
/*
 * "net rpc trust create" entry point.
 *
 * Thin adapter that forwards the unchanged argument vector to
 * rpc_trust_common() with the TRUST_CREATE operation selected; all
 * argument parsing, connection setup and the LSA calls live there.
 *
 * Returns the result of rpc_trust_common() (0 on success).
 */
static int rpc_trust_create(struct net_context *net_ctx, int argc,
			    const char **argv)
{
	int ret;

	ret = rpc_trust_common(net_ctx, argc, argv, TRUST_CREATE);

	return ret;
}
     687             : 
/*
 * "net rpc trust delete" entry point.
 *
 * Thin adapter that forwards the unchanged argument vector to
 * rpc_trust_common() with the TRUST_DELETE operation selected; all
 * argument parsing, connection setup and the LSA calls live there.
 *
 * Returns the result of rpc_trust_common() (0 on success).
 */
static int rpc_trust_delete(struct net_context *net_ctx, int argc,
			    const char **argv)
{
	int ret;

	ret = rpc_trust_common(net_ctx, argc, argv, TRUST_DELETE);

	return ret;
}
     693             : 
/*
 * Dispatcher for "net rpc trust <subcommand> ...".
 *
 * Builds the subcommand table for this command group and hands it,
 * together with the caller's context and argument vector, to
 * net_run_function(), which selects and runs the matching handler.
 *
 * @param c     net tool context passed through to the handler.
 * @param argc  number of remaining command-line arguments.
 * @param argv  remaining command-line arguments; argv[0] is expected to
 *              name the subcommand ("create" or "delete").
 *
 * Returns the value returned by net_run_function().
 */
int net_rpc_trust(struct net_context *c, int argc, const char **argv)
{
	/*
	 * Positional initialisers, in the order used throughout this table:
	 * subcommand name, handler, transport selector, one-line
	 * description, usage text.  A NULL-named entry terminates the table.
	 */
	struct functable subcommands[] = {
		{ "create", rpc_trust_create, NET_TRANSPORT_RPC,
		  N_("Create trusts"),
		  N_("net rpc trust create\n"
		     "    Create trusts") },
		{ "delete", rpc_trust_delete, NET_TRANSPORT_RPC,
		  N_("Remove trusts"),
		  N_("net rpc trust delete\n"
		     "    Remove trusts") },
		{ NULL, NULL, 0, NULL, NULL },
	};

	return net_run_function(c, argc, argv, "net rpc trust", subcommands);
}
