diff options
| -rw-r--r-- | source4/librpc/idl/security.idl | 1 | ||||
| -rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 2 | ||||
| -rw-r--r-- | source4/torture/rpc/samr.c | 31 |
3 files changed, 30 insertions, 4 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 098a887bfe..ea2ad050d5 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -170,6 +170,7 @@ interface security const int DOMAIN_RID_GUEST = 501; const int DOMAIN_RID_ADMINS = 512; const int DOMAIN_RID_USERS = 513; + const int DOMAIN_RID_DOMAIN_MEMBERS = 515; const int DOMAIN_RID_DCS = 516; const int DOMAIN_RID_CERT_ADMINS = 517; const int DOMAIN_RID_SCHEMA_ADMINS = 518; diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 648b0d37c6..9bb9cb8161 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1269,6 +1269,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL cn_name[cn_name_len - 1] = '\0'; container = "CN=Computers"; obj_class = "computer"; + samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS); } else if (r->in.acct_flags == ACB_SVRTRUST) { if (cn_name[cn_name_len - 1] != '$') { @@ -1277,6 +1278,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL cn_name[cn_name_len - 1] = '\0'; container = "OU=Domain Controllers"; obj_class = "computer"; + samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS); } else if (r->in.acct_flags == ACB_DOMTRUST) { container = "CN=Users"; diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 179b3506de..2534044417 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2513,7 +2513,7 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, if (NT_STATUS_IS_OK(status)) { q.in.user_handle = &user_handle; - q.in.level = 16; + q.in.level = 5; status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2521,11 +2521,34 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, q.in.level, nt_errstr(status)); ret = False; } else { - if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { - printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n", - q.out.info->info16.acct_flags, + if ((q.out.info->info5.acct_flags & acct_flags) != acct_flags) { + printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n", + q.out.info->info5.acct_flags, acct_flags); ret = False; + } + switch (acct_flags) { + case ACB_SVRTRUST: + if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) { + printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n", + DOMAIN_RID_DCS, q.out.info->info5.primary_gid); + ret = False; + } + break; + case ACB_WSTRUST: + if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) { + printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n", + DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid); + ret = False; + } + break; + case ACB_NORMAL: + if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) { + printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n", + DOMAIN_RID_USERS, q.out.info->info5.primary_gid); + ret = False; + } + break; } } |