diff options
author | Luke Leighton <lkcl@samba.org> | 1999-12-01 19:25:51 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-12-01 19:25:51 +0000 |
commit | 86ac6fa9389532bc0e39b4da2fb73766cf29aeb9 (patch) | |
tree | 4b3c8546baa832cc228ad796ab6a10676993b88e /source3 | |
parent | d9cc4c39504534da0f4cd2569c724de4909ebd79 (diff) | |
download | samba-86ac6fa9389532bc0e39b4da2fb73766cf29aeb9.tar.gz samba-86ac6fa9389532bc0e39b4da2fb73766cf29aeb9.tar.bz2 samba-86ac6fa9389532bc0e39b4da2fb73766cf29aeb9.zip |
fixing joining to domain plus something weird going down with nt logins...
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 10 | ||||
-rw-r--r-- | source3/passdb/smbpassfile.c | 35 | ||||
-rw-r--r-- | source3/rpc_client/cli_login.c | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 5 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 2 | ||||
-rw-r--r-- | source3/rpc_client/msrpc_samr.c | 19 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 55 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 33 |
9 files changed, 101 insertions, 62 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index d6a03a8d6f..064e2f32a5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1711,6 +1711,7 @@ BOOL trust_password_delete( char *domain, char *name ); BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time); BOOL set_trust_account_password( unsigned char *md4_new_pwd); BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname); +BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]); /*The following definitions come from passdb/smbpassgroup.c */ @@ -1904,6 +1905,7 @@ void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred); BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level); uint32 cli_net_auth2(const char *srv_name, const char *trust_acct, + const char *acct_name, uint16 sec_chan, uint32 neg_flags, DOM_CHAL *srv_chal); uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, @@ -2059,7 +2061,7 @@ BOOL samr_open_domain( const POLICY_HND *connect_pol, BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name, DOM_SID *dom_sid); BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags, - uint32 num_names, const char **names, + uint32 num_names, char **names, uint32 *num_rids, uint32 rid[MAX_LOOKUP_SIDS], uint32 type[MAX_LOOKUP_SIDS]); @@ -2301,7 +2303,7 @@ uint32 msrpc_sam_enum_aliases( const char* srv_name, ALIAS_MEM_FN(als_mem_fn)); BOOL create_samr_domain_user( POLICY_HND *pol_dom, const char *acct_name, uint16 acb_info, - const char* password, + const char* password, int plen, uint32 *rid); BOOL create_samr_domain_alias( POLICY_HND *pol_open_domain, const char *acct_name, const char *acct_desc, @@ -2348,7 +2350,7 @@ BOOL get_samr_query_aliasinfo( uint32 alias_rid, ALIAS_INFO_CTR *ctr); BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, const char *acct_name, uint16 acb_info, - const char *password, + const char *password, int plen, uint32 *rid); BOOL msrpc_sam_query_dispinfo(const char* srv_name, const char* domain, DOM_SID *sid1, @@ -3030,7 +3032,7 @@ BOOL make_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM *r_u, BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth); BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, POLICY_HND *pol, uint32 flags, - uint32 num_names, const char **name); + uint32 num_names, char **name); BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth); BOOL make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, uint32 num_rids, uint32 *rid, uint8 *type, uint32 status); diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index 83b0e7ef6b..d2a7b0bdf9 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -43,7 +43,7 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0) { - DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n", + DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n", mac_file)); return; } @@ -268,3 +268,36 @@ trust %s in domain %s.\n", myname, domain )); } return True; } + +/********************************************************* +record Trust Account password. +**********************************************************/ +BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]) +{ + /* + * Create the machine account password file. + */ + + if (!trust_password_lock( domain, name, True)) + { + DEBUG(0,("unable to open the trust account password file for \ +account %s in domain %s.\n", name, domain)); + return False; + } + + /* + * Write the old machine account password. + */ + + if (!set_trust_account_password( pass)) + { + DEBUG(0,("unable to write the trust account password for \ +%s in domain %s.\n", name, domain)); + trust_password_unlock(); + return False; + } + + trust_password_unlock(); + + return True; +} diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index 832731d92d..a9244c886e 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -89,7 +89,7 @@ uint32 cli_nt_setup_creds( char* servers, const char* myhostname, * Receive an auth-2 challenge response and check it. */ - ret = cli_net_auth2(srv_name, trust_acct, + ret = cli_net_auth2(srv_name, trust_acct, myhostname, sec_chan, 0x000001ff, &srv_chal); if (ret != 0x0) { diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 1231c706d0..fd6242c996 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -114,6 +114,7 @@ encrypt of the server challenge originally received. JRA. uint32 cli_net_auth2(const char *srv_name, const char *trust_acct, + const char *acct_name, uint16 sec_chan, uint32 neg_flags, DOM_CHAL *srv_chal) { @@ -142,13 +143,13 @@ uint32 cli_net_auth2(const char *srv_name, /* create and send a MSRPC command with api NET_AUTH2 */ DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", - srv_name, trust_acct, sec_chan, srv_name, + srv_name, trust_acct, sec_chan, acct_name, neg_flags)); cli_con_get_cli_cred(con, &clnt_cred); /* store the parameters */ - make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, srv_name, + make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name, &clnt_cred.challenge, neg_flags); /* turn parameters into data stream */ diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 0c3da6801a..a0cb48969d 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -1636,7 +1636,7 @@ BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name, do a SAMR Query Lookup Names ****************************************************************************/ BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags, - uint32 num_names, const char **names, + uint32 num_names, char **names, uint32 *num_rids, uint32 rid[MAX_LOOKUP_SIDS], uint32 type[MAX_LOOKUP_SIDS]) diff --git a/source3/rpc_client/msrpc_samr.c b/source3/rpc_client/msrpc_samr.c index f6148571aa..49f34fe386 100644 --- a/source3/rpc_client/msrpc_samr.c +++ b/source3/rpc_client/msrpc_samr.c @@ -997,15 +997,13 @@ do a SAMR create domain user ****************************************************************************/ BOOL create_samr_domain_user( POLICY_HND *pol_dom, const char *acct_name, uint16 acb_info, - const char* password, + const char* password, int plen, uint32 *rid) { POLICY_HND pol_open_user; BOOL ret = True; BOOL res1 = True; char pwbuf[516]; - char randompw[24]; - int plen = 0; SAM_USER_INFO_24 *p24; SAM_USER_INFO_16 *p16; SAM_USER_INFO_16 usr16; @@ -1052,16 +1050,6 @@ BOOL create_samr_domain_user( POLICY_HND *pol_dom, return True; } - if (password == NULL) - { - generate_random_buffer(randompw, sizeof(randompw), True); - password = randompw; - plen = sizeof(randompw); - } - else - { - plen = strlen(password); - } encode_pw_buffer(pwbuf, password, plen, False); p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24)); @@ -1525,7 +1513,7 @@ SAM create domain user. ****************************************************************************/ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, const char *acct_name, uint16 acb_info, - const char *password, + const char *password, int plen, uint32 *rid) { BOOL res = True; @@ -1535,6 +1523,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, uint32 user_rid; POLICY_HND sam_pol; POLICY_HND pol_dom; + char *pwd = NULL; /* establish a connection. */ res = res ? samr_connect( @@ -1550,7 +1539,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, res2 = res1 ? create_samr_domain_user( &pol_dom, acct_name, - acb_info, password, &user_rid) : False; + acb_info, password, plen, &user_rid) : False; res1 = res1 ? samr_close( &pol_dom) : False; res = res ? samr_close( &sam_pol) : False; diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 45dc5b57c8..8ce5275bae 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -4399,7 +4399,7 @@ makes a SAMR_Q_LOOKUP_NAMES structure. ********************************************************************/ BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, POLICY_HND *pol, uint32 flags, - uint32 num_names, const char **name) + uint32 num_names, char **name) { uint32 i; if (q_u == NULL) return False; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index a8ab18f6b8..33deb77f4c 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -690,11 +690,18 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]) { fstring domain; fstring acct_name; + fstring name; fstring sid; DOM_SID sid1; uint32 user_rid; uint16 acb_info = ACB_NORMAL; + BOOL join_domain = False; int opt; + char *password = NULL; + int plen = 0; + int len = 0; + UNISTR2 upw; + fstring srv_name; fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); @@ -713,7 +720,7 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]) if (argc < 2) { - report(out_hnd, "createuser: <acct name> [-i] [-s]\n"); + report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n"); return; } @@ -721,12 +728,15 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]) argv++; safe_strcpy(acct_name, argv[0], sizeof(acct_name)); - if (acct_name[strlen(acct_name)-1] == '$') + len = strlen(acct_name)-1; + if (acct_name[len] == '$') { + safe_strcpy(name, argv[0], sizeof(name)); + name[len] = 0; acb_info = ACB_WSTRUST; } - while ((opt = getopt(argc, argv,"is")) != EOF) + while ((opt = getopt(argc, argv,"isj")) != EOF) { switch (opt) { @@ -740,19 +750,56 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]) acb_info = ACB_SVRTRUST; break; } + case 'j': + { + join_domain = True; + } } } + if (join_domain && acb_info == ACB_NORMAL) + { + report(out_hnd, "can only join trust accounts to a domain\n"); + return; + } + report(out_hnd, "SAM Create Domain User\n"); report(out_hnd, "Domain: %s Name: %s ACB: %s\n", domain, acct_name, pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST) + { + upw.uni_str_len = 24; + upw.uni_max_len = 24; + generate_random_buffer((uchar*)upw.buffer, + upw.uni_str_len, True); + password = (char*)upw.buffer; + plen = upw.uni_str_len; + } + if (msrpc_sam_create_dom_user(srv_name, &sid1, - acct_name, acb_info, NULL, + acct_name, acb_info, password, plen, &user_rid)) { report(out_hnd, "Create Domain User: OK\n"); + + if (join_domain) + { + uchar ntpw[16]; + + nt_owf_genW(&upw, ntpw); + + report(out_hnd, "Join %s to Domain %s", name, domain); + if (create_trust_account_file(domain, name, ntpw)) + { + report(out_hnd, ": OK\n"); + } + else + { + report(out_hnd, ": FAILED\n"); + } + } } else { diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 7411d07a9b..3b87687c26 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -81,39 +81,6 @@ static void usage(void) } /********************************************************* -record Trust Account password. -**********************************************************/ -static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]) -{ - /* - * Create the machine account password file. - */ - - if(!trust_password_lock( domain, name, True)) - { - fprintf(stderr, "unable to open the trust account password file for \ -machine %s in domain %s.\n", global_myname, domain); - return False; - } - - /* - * Write the old machine account password. - */ - - if(!set_trust_account_password( pass)) - { - fprintf(stderr, "unable to write the trust account password for \ -%s in domain %s.\n", name, domain); - trust_password_unlock(); - return False; - } - - trust_password_unlock(); - - return True; -} - -/********************************************************* Join a domain. **********************************************************/ static int create_interdomain_trust_acct(char *domain, char *name) |