diff options
-rw-r--r-- | source3/libnet/libnet_join.c | 24 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 26 | ||||
-rw-r--r-- | source3/utils/net_domain.c | 19 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 42 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 22 |
5 files changed, 99 insertions, 34 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bbbf11adc1..737474d807 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -50,6 +50,11 @@ #define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT) +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + /**************************************************************** ****************************************************************/ @@ -591,6 +596,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; @@ -684,6 +690,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, strlower_m(acct_name); const_acct_name = acct_name; + init_lsa_String(&lsa_acct_name, acct_name); + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { uint32_t acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | @@ -691,12 +699,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_USER_ACCESS_SET_PASSWORD | SAMR_USER_ACCESS_GET_ATTRIBUTES | SAMR_USER_ACCESS_SET_ATTRIBUTES; - - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, - &domain_pol, - acct_name, ACB_WSTRUST, - acct_flags, &user_pol, - &user_rid); + uint32_t access_granted = 0; + + status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + ACB_WSTRUST, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index f77a5d8891..976bc86d9b 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -26,6 +26,11 @@ extern DOM_SID domain_sid; +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + /**************************************************************************** display sam_user_info_7 structure ****************************************************************************/ @@ -1491,17 +1496,18 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, { POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - const char *acct_name; + struct lsa_String acct_name; uint32 acb_info; uint32 acct_flags, user_rid; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + uint32_t access_granted = 0; if ((argc < 2) || (argc > 3)) { printf("Usage: %s username [access mask]\n", argv[0]); return NT_STATUS_OK; } - acct_name = argv[1]; + init_lsa_String(&acct_name, argv[1]); if (argc > 2) sscanf(argv[2], "%x", &access_mask); @@ -1534,9 +1540,14 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, SAMR_USER_ACCESS_GET_ATTRIBUTES | SAMR_USER_ACCESS_SET_ATTRIBUTES; - result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol, - acct_name, acb_info, acct_flags, - &user_pol, &user_rid); + result = rpccli_samr_CreateUser2(cli, mem_ctx, + &domain_pol, + &acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1554,11 +1565,6 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, return result; } -static void init_lsa_String(struct lsa_String *name, const char *s) -{ - name->string = s; -} - /* Create domain group */ static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli, diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index 93b9d0bc25..74b35d0d66 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -37,6 +37,11 @@ goto done; \ } +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + /******************************************************************* Leave an AD domain. Windows XP disables the machine account. We'll try the same. The old code would do an LDAP delete. @@ -210,6 +215,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; @@ -224,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, uchar md5buffer[16]; DATA_BLOB digested_session_key; uchar md4_trust_password[16]; + uint32_t access_granted = 0; /* Open the domain */ @@ -253,6 +260,8 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, strlower_m(acct_name); const_acct_name = acct_name; + init_lsa_String(&lsa_acct_name, acct_name); + /* Don't try to set any acb_info flags other than ACB_WSTRUST */ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | SEC_STD_WRITE_DAC | SEC_STD_DELETE | @@ -262,8 +271,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, acct_flags, &user_pol, &user_rid); + status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if ( !NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 50f3310d96..7091063817 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -23,6 +23,11 @@ #include "includes.h" #include "utils/net.h" +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -589,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; + struct lsa_String lsa_acct_name; uint32 acb_info; uint32 acct_flags, user_rid; + uint32_t access_granted = 0; if (argc < 1) { d_printf("User must be specified\n"); @@ -599,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, } acct_name = argv[0]; + init_lsa_String(&lsa_acct_name, acct_name); /* Get sam policy handle */ @@ -628,9 +636,15 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, SAMR_USER_ACCESS_GET_ATTRIBUTES | SAMR_USER_ACCESS_SET_ATTRIBUTES; - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, acct_flags, - &user_pol, &user_rid); + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1935,11 +1949,6 @@ static int rpc_group_delete(int argc, const char **argv) argc,argv); } -static void init_lsa_String(struct lsa_String *name, const char *s) -{ - name->string = s; -} - static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, @@ -5445,9 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; + struct lsa_String lsa_acct_name; uint32 acb_info; uint32 acct_flags=0; uint32 user_rid; + uint32_t access_granted = 0; if (argc != 2) { d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n"); @@ -5457,13 +5468,15 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, /* * Make valid trusting domain account (ie. uppercased and with '$' appended) */ - + if (asprintf(&acct_name, "%s$", argv[0]) < 0) { return NT_STATUS_NO_MEMORY; } strupper_m(acct_name); + init_lsa_String(&lsa_acct_name, acct_name); + /* Get samr policy handle */ result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); @@ -5489,9 +5502,14 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, SAMR_USER_ACCESS_GET_ATTRIBUTES | SAMR_USER_ACCESS_SET_ATTRIBUTES; - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, acct_flags, - &user_pol, &user_rid); + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result)) { goto done; } diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index dbce7e9a43..27819bb6ab 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -34,6 +34,12 @@ goto done; \ } +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + + /** * confirm that a domain join is still valid * @@ -160,7 +166,9 @@ int net_rpc_join_newstyle(int argc, const char **argv) uint32 flags = 0x3e8; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; uint32 acct_flags=0; + uint32_t access_granted = 0; /* check what type of join */ if (argc >= 0) { @@ -252,6 +260,8 @@ int net_rpc_join_newstyle(int argc, const char **argv) strlower_m(acct_name); const_acct_name = acct_name; + init_lsa_String(&lsa_acct_name, acct_name); + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | SEC_STD_WRITE_DAC | SEC_STD_DELETE | SAMR_USER_ACCESS_SET_PASSWORD | @@ -260,10 +270,14 @@ int net_rpc_join_newstyle(int argc, const char **argv) DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); - result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, acb_info, - acct_flags, &user_pol, - &user_rid); + result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + acb_info, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) { |