-rw-r--r--source3/include/smbldap.h2
-rw-r--r--source3/lib/smbldap.c2
-rw-r--r--source3/libads/kerberos.c2
-rw-r--r--source3/param/loadparm.c1
-rw-r--r--source3/passdb/pdb_get_set.c18
-rw-r--r--source3/passdb/pdb_ldap.c2
-rw-r--r--source3/rpc_client/cli_lsarpc.c58
-rw-r--r--source3/rpc_server/srv_samr_nt.c4
-rw-r--r--source3/rpcclient/cmd_lsarpc.c43
-rw-r--r--source3/smbd/conn.c4
10 files changed, 112 insertions, 24 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 47f336cdb7..d980d08280 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -1,5 +1,5 @@
/*
- Unix SMB/CIFS mplementation.
+ Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Gerald Carter 2001-2003
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 4afafde9bb..518bafcc74 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1,5 +1,5 @@
/*
- Unix SMB/CIFS mplementation.
+ Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Jean François Micouleau 1998
Copyright (C) Gerald Carter 2001-2003
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index b08e28e0ba..4c9997e080 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -3,7 +3,7 @@
kerberos utility library
Copyright (C) Andrew Tridgell 2001
Copyright (C) Remus Koos 2001
- Copyright (C) Nalin Dahyabhai 2004.
+ Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004.
Copyright (C) Jeremy Allison 2004.
This program is free software; you can redistribute it and/or modify
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5ca19134bb..e6beebedb8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1092,6 +1092,7 @@ static struct parm_struct parm_table[] = {
{"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap passwd sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_ADVANCED},
+ {"ldap password sync", P_ENUM, P_GLOBAL, &Globals.ldap_passwd_sync, NULL, enum_ldap_passwd_sync, FLAG_HIDE},
{"ldap replication sleep", P_INTEGER, P_GLOBAL, &Globals.ldap_replication_sleep, NULL, NULL, FLAG_ADVANCED},
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED},
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 2ca7638472..92e2cee710 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -327,14 +327,6 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass)
return (NULL);
}
-uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.fields_present);
- else
- return (-1);
-}
-
uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
{
if (sampass)
@@ -1048,16 +1040,6 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum
return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
-BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- sampass->private.fields_present = fields_present;
-
- return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag);
-}
-
BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
{
if (!sampass)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a84b2f35b2..6c1d64abce 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1,5 +1,5 @@
/*
- Unix SMB/CIFS mplementation.
+ Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Jean François Micouleau 1998
Copyright (C) Gerald Carter 2001-2003
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index b08fa169ef..b360d8e622 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -928,6 +928,64 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+/** Create a LSA user handle
+ *
+ * @param cli Handle on an initialised SMB connection
+ *
+ * FIXME: The code is actually identical to open account
+ * TODO: Check and code what the function should exactly do
+ *
+ * */
+
+NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
+ POLICY_HND *user_pol)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_CREATEACCOUNT q;
+ LSA_R_CREATEACCOUNT r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Initialise input parameters */
+
+ init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
+
+ /* Marshall data and send request */
+
+ if (!lsa_io_q_create_account("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CREATEACCOUNT, &qbuf, &rbuf)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!lsa_io_r_create_account("", &r, &rbuf, 0)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *user_pol = r.pol;
+ }
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
/** Open a LSA user handle
*
* @param cli Handle on an initialised SMB connection */
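Review bot: The doc comment on `cli_lsa_create_account` documents only `cli`, although the function takes five more parameters and writes `*user_pol` only when `r.status` is OK. Add `@param` lines for `mem_ctx`, `dom_pol`, `sid`, `desired_access` and `user_pol`, including something like `* @param user_pol Receives the account handle; written only on success`, so callers know not to use or close the handle after an error return. Both marshalling failure and transport failure collapse into `NT_STATUS_UNSUCCESSFUL`, which is worth stating in the same comment. Since the FIXME says the body is a copy of open-account, the comment should also say that the request semantics are still unverified.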
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 271553f4b2..4c3f95fe6b 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -75,7 +75,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
level of access for further checks.
********************************************************************/
-NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access,
+static NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access,
uint32 *acc_granted, const char *debug)
{
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
@@ -100,7 +100,7 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, u
Checks if access to a function can be granted
********************************************************************/
-NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
+static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
{
DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 2b8279ccd2..a07d38ca60 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -445,6 +445,48 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
return result;
}
+/* Create a new account */
+
+static NTSTATUS cmd_lsa_create_account(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ POLICY_HND dom_pol;
+ POLICY_HND user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 des_access = 0x000f000f;
+
+ DOM_SID sid;
+
+ if (argc != 2 ) {
+ printf("Usage: %s SID\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_lsa_open_policy2(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &dom_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ printf("Account for SID %s successfully created\n\n", argv[1]);
+ result = NT_STATUS_OK;
+
+ done:
+ return result;
+}
+
+
/* Enumerate the privileges of an SID */
static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
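Review bot: `cmd_lsa_create_account` opens two policy handles (`dom_pol` from `cli_lsa_open_policy2`, `user_pol` from `cli_lsa_create_account`) and releases neither on any path through `done:`. They stay open on the server until the pipe is torn down. If the other commands in this file close their handles, this one should track which handles were obtained and close them under `done:`. Separately, `des_access = 0x000f000f` is an unexplained broad mask requested alongside `SEC_RIGHTS_MAXIMUM_ALLOWED`. A comment naming the rights it stands for, or a named constant, would let a reader judge whether the command asks for more access than creating an account needs. The usage text says `SID` but the argument goes through `name_to_sid`, so it presumably accepts names as well; the message should say so.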
@@ -708,6 +750,7 @@ struct cmd_set lsarpc_commands[] = {
{ "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" },
{ "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" },
{ "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" },
+ { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" },
{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" },
{ "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" },
{ "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" },
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 6b5942f7f6..26529c77a1 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -250,6 +250,10 @@ void conn_free(connection_struct *conn)
conn->ngroups = 0;
}
+ if (conn->nt_user_token) {
+ delete_nt_token(&(conn->nt_user_token));
+ }
+
free_namearray(conn->veto_list);
free_namearray(conn->hide_list);
free_namearray(conn->veto_oplock_list);
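Review bot: Freeing `conn->nt_user_token` in `conn_free` is only safe if the connection holds its own copy of the token. The site that assigns the field is outside this hunk, so that cannot be confirmed here. If the field stores a pointer shared with the session's user structure, the new `delete_nt_token(&(conn->nt_user_token))` call causes a double free or leaves the session with a dangling token. That would be a memory-safety problem on the object that access checks depend on. A comment above the new block such as `/* conn owns a private duplicate of the token; it must never alias the session's token */` would pin the ownership rule for future callers. conn_free's body starts and ends outside the hunk.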