diff options
-rw-r--r-- | source3/rpc_client/init_samr.c | 83 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 107 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 17 |
3 files changed, 141 insertions, 66 deletions
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index a61ddb5db1..0e22e77b65 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -385,3 +385,86 @@ void init_samr_user_info21(struct samr_UserInfo21 *r, r->lm_password_set = lm_password_set; r->password_expired = password_expired; } + +/************************************************************************* + init_samr_user_info23 + *************************************************************************/ + +void init_samr_user_info23(struct samr_UserInfo23 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + const char *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + uint8_t data[516], + uint8_t pw_len) +{ + init_samr_user_info21(&r->info, + last_logon, + last_logoff, + last_password_change, + acct_expiry, + allow_password_change, + force_password_change, + account_name, + full_name, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + comment, + parameters, + rid, + primary_gid, + acct_flags, + fields_present, + logon_hours, + bad_password_count, + logon_count, + country_code, + code_page, + nt_password_set, + lm_password_set, + password_expired); + + memcpy(r->password.data, data, sizeof(r->password.data)); +} + +/************************************************************************* + init_samr_user_info24 + *************************************************************************/ + +void init_samr_user_info24(struct samr_UserInfo24 *r, + uint8_t data[516], + uint8_t pw_len) +{ + DEBUG(10, ("init_samr_user_info24:\n")); + + memcpy(r->password.data, data, sizeof(r->password.data)); + r->pw_len = pw_len; +} diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 4e3eedc681..968ae9d9b5 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -660,8 +660,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, if (argc == 2) { - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; + union samr_UserInfo info; uchar pwbuf[516]; result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, @@ -687,18 +686,17 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, /* Set password on account */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - init_sam_user_info24(&p24, (char *)pwbuf,24); + init_samr_user_info24(&info.info24, pwbuf, 24); - ctr.switch_value = 24; - ctr.info.id24 = &p24; + SamOEMhashBlob(info.info24.password.data, 516, + &cli->user_session_key); - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &info); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to set password for user %s - %s\n", @@ -876,9 +874,6 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 info_level = 7; const char *old_name, *new_name; - SAM_USERINFO_CTR *user_ctr; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_7 info7; struct samr_Ids user_rids, name_types; struct lsa_String lsa_acct_name; union samr_UserInfo *info = NULL; @@ -892,9 +887,6 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, old_name = argv[0]; new_name = argv[1]; - ZERO_STRUCT(ctr); - ZERO_STRUCT(user_ctr); - /* Get sam policy handle */ result = rpccli_samr_Connect2(pipe_hnd, mem_ctx, @@ -950,14 +942,13 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, goto done; } - ctr.switch_value = info_level; - ctr.info.id7 = &info7; - - init_sam_user_info7(&info7, new_name); + init_samr_user_info7(&info->info7, new_name); /* Set new name */ - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, - info_level, &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + info_level, + info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1031,12 +1022,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; uchar pwbuf[516]; const char *user; const char *new_password; char *prompt = NULL; + union samr_UserInfo info; if (argc < 1) { d_printf("User must be specified\n"); @@ -1106,18 +1096,17 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, /* Set password on account */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); - encode_pw_buffer(pwbuf, new_password, STR_UNICODE); - init_sam_user_info24(&p24, (char *)pwbuf,24); + init_samr_user_info24(&info.info24, pwbuf, 24); - ctr.switch_value = 24; - ctr.info.id24 = &p24; + SamOEMhashBlob(info.info24.password.data, 516, + &cli->user_session_key); - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr); + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -5600,6 +5589,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, uint32 acct_flags=0; uint32 user_rid; uint32_t access_granted = 0; + union samr_UserInfo info; if (argc != 2) { d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n"); @@ -5658,36 +5648,41 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, } { - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_23 p23; NTTIME notime; - char nostr[] = ""; - LOGON_HRS hrs; + struct samr_LogonHours hours; + const int units_per_week = 168; uchar pwbuf[516]; encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); - ZERO_STRUCT(ctr); - ZERO_STRUCT(p23); ZERO_STRUCT(notime); - hrs.max_len = 1260; - hrs.offset = 0; - hrs.len = 21; - memset(hrs.hours, 0xFF, sizeof(hrs.hours)); - acb_info = ACB_DOMTRUST; - - init_sam_user_info23A(&p23, ¬ime, ¬ime, ¬ime, - ¬ime, ¬ime, ¬ime, - nostr, nostr, nostr, nostr, nostr, - nostr, nostr, nostr, nostr, nostr, - 0, 0, acb_info, SAMR_FIELD_ACCT_FLAGS, 168, &hrs, - 0, 0, (char *)pwbuf); - ctr.switch_value = 23; - ctr.info.id23 = &p23; - p23.passmustchange = 0; - - result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23, - &cli->user_session_key, &ctr); + + ZERO_STRUCT(hours); + hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week); + if (!hours.bits) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + hours.units_per_week = units_per_week; + memset(hours.bits, 0xFF, units_per_week); + + init_samr_user_info23(&info.info23, + notime, notime, notime, + notime, notime, notime, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + hours, + 0, 0, 0, 0, 0, 0, 0, + pwbuf, 24); + + SamOEMhashBlob(info.info23.password.data, 516, + &cli->user_session_key); + + result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 23, + &info); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("Could not set trust account password: %s\n", diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index f94e08edef..a20dc9a0c4 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -152,8 +152,6 @@ int net_rpc_join_newstyle(int argc, const char **argv) char *clear_trust_password = NULL; uchar pwbuf[516]; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_24 p24; uchar md4_trust_password[16]; union samr_UserInfo set_info; @@ -344,16 +342,15 @@ int net_rpc_join_newstyle(int argc, const char **argv) /* Set password on machine account */ - ZERO_STRUCT(ctr); - ZERO_STRUCT(p24); + init_samr_user_info24(&set_info.info24, pwbuf, 24); - init_sam_user_info24(&p24, (char *)pwbuf,24); + SamOEMhashBlob(set_info.info24.password.data, 516, + &cli->user_session_key); - ctr.switch_value = 24; - ctr.info.id24 = &p24; - - CHECK_RPC_ERR(rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, - &cli->user_session_key, &ctr), + CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &set_info), "error setting trust account password"); /* Why do we have to try to (re-)set the ACB to be the same as what |