diff options
-rw-r--r-- | source3/include/rpc_samr.h | 25 | ||||
-rw-r--r-- | source3/libnet/libnet_join.c | 10 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 9 | ||||
-rw-r--r-- | source3/utils/net_domain.c | 10 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 20 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 11 |
6 files changed, 35 insertions, 50 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 5ddb877b90..9f4645b691 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -145,31 +145,6 @@ SamrTestPrivateFunctionsUser #define SAMR_CHGPASSWD_USER3 0x3F #define SAMR_CONNECT5 0x40 -/* SAMR account creation flags/permissions */ -#define SAMR_USER_GETNAME 0x1 -#define SAMR_USER_GETLOCALE 0x2 -#define SAMR_USER_GETLOCCOM 0x4 -#define SAMR_USER_GETLOGONINFO 0x8 -#define SAMR_USER_GETATTR 0x10 -#define SAMR_USER_SETATTR 0x20 -#define SAMR_USER_CHPASS 0x40 -#define SAMR_USER_SETPASS 0x80 -#define SAMR_USER_GETGROUPS 0x100 -#define SAMR_USER_GETMEMBERSHIP 0x200 -#define SAMR_USER_CHMEMBERSHIP 0x400 -#define SAMR_STANDARD_DELETE 0x10000 -#define SAMR_STANDARD_READCTRL 0x20000 -#define SAMR_STANDARD_WRITEDAC 0x40000 -#define SAMR_STANDARD_WRITEOWNER 0x80000 -#define SAMR_STANDARD_SYNC 0x100000 -#define SAMR_GENERIC_ACCESSSACL 0x800000 -#define SAMR_GENERIC_MAXALLOWED 0x2000000 -#define SAMR_GENERIC_ALL 0x10000000 -#define SAMR_GENERIC_EXECUTE 0x20000000 -#define SAMR_GENERIC_WRITE 0x40000000 -#define SAMR_GENERIC_READ 0x80000000 - - typedef struct logon_hours_info { uint32 max_len; /* normally 1260 bytes */ diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 538cca7994..f83e0fbb60 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -684,10 +684,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, const_acct_name = acct_name; if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { - uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | - SAMR_USER_GETATTR | SAMR_USER_SETATTR; + uint32_t acct_flags = + SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 5b42c6bc0e..1bb13f3fe0 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1483,10 +1483,11 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, /* Create domain user */ acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | - SAMR_USER_GETATTR | SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index a98f090e62..1c34a3b60e 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -245,12 +245,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, const_acct_name = acct_name; /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, &user_pol, &user_rid); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index b08a93627d..46fbcfb8ca 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -618,10 +618,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, /* Create domain user */ acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, @@ -5378,11 +5379,12 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, } /* Create trusting domain's account */ - acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acb_info = ACB_NORMAL; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 5c3fb2b2ff..271219938e 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -250,11 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv) strlower_m(acct_name); const_acct_name = acct_name; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, &user_pol, |