summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libnet/libnet_join.c24
-rw-r--r--source3/rpcclient/cmd_samr.c26
-rw-r--r--source3/utils/net_domain.c19
-rw-r--r--source3/utils/net_rpc.c42
-rw-r--r--source3/utils/net_rpc_join.c22
5 files changed, 99 insertions, 34 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index bbbf11adc1..737474d807 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -50,6 +50,11 @@
#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \
LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT)
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
/****************************************************************
****************************************************************/
@@ -591,6 +596,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
const char *const_acct_name;
+ struct lsa_String lsa_acct_name;
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
@@ -684,6 +690,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
strlower_m(acct_name);
const_acct_name = acct_name;
+ init_lsa_String(&lsa_acct_name, acct_name);
+
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
uint32_t acct_flags =
SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
@@ -691,12 +699,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
SAMR_USER_ACCESS_SET_PASSWORD |
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
-
- status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
- &domain_pol,
- acct_name, ACB_WSTRUST,
- acct_flags, &user_pol,
- &user_rid);
+ uint32_t access_granted = 0;
+
+ status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ ACB_WSTRUST,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!(r->in.join_flags &
WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index f77a5d8891..976bc86d9b 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -26,6 +26,11 @@
extern DOM_SID domain_sid;
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
/****************************************************************************
display sam_user_info_7 structure
****************************************************************************/
@@ -1491,17 +1496,18 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- const char *acct_name;
+ struct lsa_String acct_name;
uint32 acb_info;
uint32 acct_flags, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ uint32_t access_granted = 0;
if ((argc < 2) || (argc > 3)) {
printf("Usage: %s username [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
- acct_name = argv[1];
+ init_lsa_String(&acct_name, argv[1]);
if (argc > 2)
sscanf(argv[2], "%x", &access_mask);
@@ -1534,9 +1540,14 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
- acct_name, acb_info, acct_flags,
- &user_pol, &user_rid);
+ result = rpccli_samr_CreateUser2(cli, mem_ctx,
+ &domain_pol,
+ &acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -1554,11 +1565,6 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
return result;
}
-static void init_lsa_String(struct lsa_String *name, const char *s)
-{
- name->string = s;
-}
-
/* Create domain group */
static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index 93b9d0bc25..74b35d0d66 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -37,6 +37,11 @@
goto done; \
}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
/*******************************************************************
Leave an AD domain. Windows XP disables the machine account.
We'll try the same. The old code would do an LDAP delete.
@@ -210,6 +215,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
const char *const_acct_name;
+ struct lsa_String lsa_acct_name;
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
@@ -224,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
uchar md5buffer[16];
DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
+ uint32_t access_granted = 0;
/* Open the domain */
@@ -253,6 +260,8 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
strlower_m(acct_name);
const_acct_name = acct_name;
+ init_lsa_String(&lsa_acct_name, acct_name);
+
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
@@ -262,8 +271,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
- status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, acct_flags, &user_pol, &user_rid);
+ status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 50f3310d96..7091063817 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -23,6 +23,11 @@
#include "includes.h"
#include "utils/net.h"
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -589,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
uint32 acct_flags, user_rid;
+ uint32_t access_granted = 0;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -599,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
}
acct_name = argv[0];
+ init_lsa_String(&lsa_acct_name, acct_name);
/* Get sam policy handle */
@@ -628,9 +636,15 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, acct_flags,
- &user_pol, &user_rid);
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
+
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@@ -1935,11 +1949,6 @@ static int rpc_group_delete(int argc, const char **argv)
argc,argv);
}
-static void init_lsa_String(struct lsa_String *name, const char *s)
-{
- name->string = s;
-}
-
static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
@@ -5445,9 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acb_info;
uint32 acct_flags=0;
uint32 user_rid;
+ uint32_t access_granted = 0;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5457,13 +5468,15 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
-
+
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
return NT_STATUS_NO_MEMORY;
}
strupper_m(acct_name);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
/* Get samr policy handle */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
@@ -5489,9 +5502,14 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, acct_flags,
- &user_pol, &user_rid);
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index dbce7e9a43..27819bb6ab 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -34,6 +34,12 @@
goto done; \
}
+static void init_lsa_String(struct lsa_String *name, const char *s)
+{
+ name->string = s;
+}
+
+
/**
* confirm that a domain join is still valid
*
@@ -160,7 +166,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ struct lsa_String lsa_acct_name;
uint32 acct_flags=0;
+ uint32_t access_granted = 0;
/* check what type of join */
if (argc >= 0) {
@@ -252,6 +260,8 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
+ init_lsa_String(&lsa_acct_name, acct_name);
+
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
SAMR_USER_ACCESS_SET_PASSWORD |
@@ -260,10 +270,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
- result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info,
- acct_flags, &user_pol,
- &user_rid);
+ result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acb_info,
+ acct_flags,
+ &user_pol,
+ &access_granted,
+ &user_rid);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {