diff options
-rw-r--r-- | source3/include/smbldap.h | 2 | ||||
-rw-r--r-- | source3/lib/smbldap.c | 2 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 2 | ||||
-rw-r--r-- | source3/param/loadparm.c | 1 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 18 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 58 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 4 | ||||
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 43 | ||||
-rw-r--r-- | source3/smbd/conn.c | 4 |
10 files changed, 112 insertions, 24 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 47f336cdb7..d980d08280 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS mplementation. + Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA Copyright (C) Gerald Carter 2001-2003 diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 4afafde9bb..518bafcc74 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS mplementation. + Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA Copyright (C) Jean François Micouleau 1998 Copyright (C) Gerald Carter 2001-2003 diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index b08e28e0ba..4c9997e080 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -3,7 +3,7 @@ kerberos utility library Copyright (C) Andrew Tridgell 2001 Copyright (C) Remus Koos 2001 - Copyright (C) Nalin Dahyabhai 2004. + Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004. Copyright (C) Jeremy Allison 2004. This program is free software; you can redistribute it and/or modify diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 5ca19134bb..e6beebedb8 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1092,6 +1092,7 @@ static struct parm_struct parm_table[] = { {"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_ADVANCED}, + {"ldap password sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_HIDE}, {"ldap replication sleep", P_INTEGER, P_GLOBAL, &Globals.ldap_replication_sleep, NULL, NULL, FLAG_ADVANCED}, {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED}, diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 2ca7638472..92e2cee710 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -327,14 +327,6 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass) return (NULL); } -uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass) -{ - if (sampass) - return (sampass->private.fields_present); - else - return (-1); -} - uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass) { if (sampass) @@ -1048,16 +1040,6 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag); } -BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag) -{ - if (!sampass) - return False; - - sampass->private.fields_present = fields_present; - - return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag); -} - BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag) { if (!sampass) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index a84b2f35b2..6c1d64abce 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS mplementation. + Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA Copyright (C) Jean François Micouleau 1998 Copyright (C) Gerald Carter 2001-2003 diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b08fa169ef..b360d8e622 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -928,6 +928,64 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +/** Create a LSA user handle + * + * @param cli Handle on an initialised SMB connection + * + * FIXME: The code is actually identical to open account + * TODO: Check and code what the function should exactly do + * + * */ + +NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, + POLICY_HND *user_pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_CREATEACCOUNT q; + LSA_R_CREATEACCOUNT r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_lsa_q_create_account(&q, dom_pol, sid, desired_access); + + /* Marshall data and send request */ + + if (!lsa_io_q_create_account("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CREATEACCOUNT, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_create_account("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *user_pol = r.pol; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /** Open a LSA user handle * * @param cli Handle on an initialised SMB connection */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 271553f4b2..4c3f95fe6b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -75,7 +75,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd level of access for further checks. ********************************************************************/ -NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access, +static NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access, uint32 *acc_granted, const char *debug) { NTSTATUS status = NT_STATUS_ACCESS_DENIED; @@ -100,7 +100,7 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, u Checks if access to a function can be granted ********************************************************************/ -NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug) +static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug) { DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n", debug, acc_granted, acc_required)); diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 2b8279ccd2..a07d38ca60 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -445,6 +445,48 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, return result; } +/* Create a new account */ + +static NTSTATUS cmd_lsa_create_account(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + POLICY_HND dom_pol; + POLICY_HND user_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint32 des_access = 0x000f000f; + + DOM_SID sid; + + if (argc != 2 ) { + printf("Usage: %s SID\n", argv[0]); + return NT_STATUS_OK; + } + + result = name_to_sid(cli, mem_ctx, &sid, argv[1]); + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_open_policy2(cli, mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &dom_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + printf("Account for SID %s successfully created\n\n", argv[1]); + result = NT_STATUS_OK; + + done: + return result; +} + + /* Enumerate the privileges of an SID */ static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, @@ -708,6 +750,7 @@ struct cmd_set lsarpc_commands[] = { { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" }, { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" }, { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, + { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" }, { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index 6b5942f7f6..26529c77a1 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -250,6 +250,10 @@ void conn_free(connection_struct *conn) conn->ngroups = 0; } + if (conn->nt_user_token) { + delete_nt_token(&(conn->nt_user_token)); + } + free_namearray(conn->veto_list); free_namearray(conn->hide_list); free_namearray(conn->veto_oplock_list); |