diff options
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_connect.c | 31 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 16 | ||||
-rw-r--r-- | source3/rpc_client/msrpc_samr.c | 100 |
3 files changed, 134 insertions, 13 deletions
diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c index d2d23864c3..d9ae71e6c9 100644 --- a/source3/rpc_client/cli_connect.c +++ b/source3/rpc_client/cli_connect.c @@ -308,6 +308,21 @@ BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from) get a user session key associated with a connection associated with a policy handle. ****************************************************************************/ +BOOL cli_get_con_usr_sesskey(struct cli_connection *con, uchar usr_sess_key[16]) +{ + if (con == NULL) + { + return False; + } + memcpy(usr_sess_key, con->cli->usr.pwd.sess_key, 16); + + return True; +} + +/**************************************************************************** +get a user session key associated with a connection associated with a +policy handle. +****************************************************************************/ BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]) { if (con == NULL) @@ -347,6 +362,22 @@ BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name) get a user session key associated with a connection associated with a policy handle. ****************************************************************************/ +BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]) +{ + struct cli_connection *con = NULL; + + if (!cli_connection_get(pol, &con)) + { + return False; + } + + return cli_get_con_usr_sesskey(con, usr_sess_key); +} + +/**************************************************************************** +get a user session key associated with a connection associated with a +policy handle. +****************************************************************************/ BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]) { struct cli_connection *con = NULL; diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index f4308c2107..0c3da6801a 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -954,15 +954,15 @@ BOOL samr_delete_dom_alias( POLICY_HND *alias_pol) /**************************************************************************** do a SAMR Create Domain User ****************************************************************************/ -BOOL samr_create_dom_user( POLICY_HND *domain_pol, const char *acct_name, +uint32 samr_create_dom_user( POLICY_HND *domain_pol, const char *acct_name, uint32 unk_0, uint32 unk_1, POLICY_HND *user_pol, uint32 *rid) { prs_struct data; prs_struct rdata; + uint32 status = NT_STATUS_INVALID_PARAMETER | 0xC0000000; SAMR_Q_CREATE_USER q_o; - BOOL valid_pol = False; if (user_pol == NULL || domain_pol == NULL || acct_name == NULL || rid == NULL) return False; @@ -987,26 +987,30 @@ BOOL samr_create_dom_user( POLICY_HND *domain_pol, const char *acct_name, samr_io_r_create_user("", &r_o, &rdata, 0); p = rdata.offset != 0; + status = r_o.status; if (p && r_o.status != 0) { /* report error code */ DEBUG(4,("SAMR_R_CREATE_USER: %s\n", get_nt_error_msg(r_o.status))); - p = False; + p = r_o.status != NT_STATUS_USER_EXISTS; } if (p) { memcpy(user_pol, &r_o.user_pol, sizeof(r_o.user_pol)); *rid = r_o.user_rid; - valid_pol = cli_pol_link(user_pol, domain_pol); + if (!cli_pol_link(user_pol, domain_pol)) + { + status = NT_STATUS_INVALID_HANDLE | 0xC0000000; + } } } prs_mem_free(&data ); prs_mem_free(&rdata ); - return valid_pol; + return status; } /**************************************************************************** @@ -1632,7 +1636,7 @@ BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name, do a SAMR Query Lookup Names ****************************************************************************/ BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags, - uint32 num_names, char **names, + uint32 num_names, const char **names, uint32 *num_rids, uint32 rid[MAX_LOOKUP_SIDS], uint32 type[MAX_LOOKUP_SIDS]) diff --git a/source3/rpc_client/msrpc_samr.c b/source3/rpc_client/msrpc_samr.c index a2806463b5..f6148571aa 100644 --- a/source3/rpc_client/msrpc_samr.c +++ b/source3/rpc_client/msrpc_samr.c @@ -995,27 +995,111 @@ uint32 msrpc_sam_enum_aliases( const char* srv_name, /**************************************************************************** do a SAMR create domain user ****************************************************************************/ -BOOL create_samr_domain_user( POLICY_HND *pol_open_domain, +BOOL create_samr_domain_user( POLICY_HND *pol_dom, const char *acct_name, uint16 acb_info, + const char* password, uint32 *rid) { POLICY_HND pol_open_user; BOOL ret = True; + BOOL res1 = True; + char pwbuf[516]; + char randompw[24]; + int plen = 0; + SAM_USER_INFO_24 *p24; + SAM_USER_INFO_16 *p16; + SAM_USER_INFO_16 usr16; - if (pol_open_domain == NULL || acct_name == NULL) return False; + if (pol_dom == NULL || acct_name == NULL) return False; /* send create user */ - if (!samr_create_dom_user( pol_open_domain, + ret = samr_create_dom_user( pol_dom, acct_name, acb_info, 0xe005000b, - &pol_open_user, rid)) + &pol_open_user, rid); + + if (ret == 0x0) + { + samr_close(&pol_open_user); + } + + if (ret != 0 && ret != (NT_STATUS_USER_EXISTS | 0xC0000000)) { return False; } + if (ret == (NT_STATUS_USER_EXISTS | 0xC0000000)) + { + uint32 num_rids; + const char *names[1]; + uint32 type[1]; + + names[0] = acct_name; + res1 = samr_query_lookup_names( pol_dom, 0x3e8, + 1, names, + &num_rids, rid, type); + if (res1 == False || type[0] != SID_NAME_USER) + { + return False; + } + } + DEBUG(5,("create_samr_domain_user: name: %s rid 0x%x\n", acct_name, *rid)); - return samr_close(&pol_open_user) && ret; + if (IS_BITS_SET_SOME(acb_info, ACB_NORMAL | ACB_DOMTRUST) && + password == NULL) + { + return True; + } + + if (password == NULL) + { + generate_random_buffer(randompw, sizeof(randompw), True); + password = randompw; + plen = sizeof(randompw); + } + else + { + plen = strlen(password); + } + encode_pw_buffer(pwbuf, password, plen, False); + + p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24)); + if (p24 == NULL) + { + return False; + } + + make_sam_user_info24(p24, pwbuf, plen); + + res1 = set_samr_set_userinfo( pol_dom, 0x18, *rid, (void*)p24); + + if (res1 == False) + { + return False; + } + + /* send set user info */ + res1 = get_samr_query_userinfo( pol_dom, 0x10, *rid, (void*)&usr16); + + if (res1 == False) + { + return False; + } + + if (usr16.acb_info != acb_info) + { + p16 = (SAM_USER_INFO_16 *) malloc(sizeof(SAM_USER_INFO_16)); + if (p16 == NULL) + { + return False; + } + p16->acb_info = usr16.acb_info; + + res1 = set_samr_set_userinfo2( pol_dom, 0x10, *rid, (void*)p16); + } + + return res1; } /**************************************************************************** @@ -1440,7 +1524,8 @@ BOOL get_samr_query_aliasinfo( SAM create domain user. ****************************************************************************/ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, - char *acct_name, uint16 acb_info, + const char *acct_name, uint16 acb_info, + const char *password, uint32 *rid) { BOOL res = True; @@ -1464,7 +1549,8 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1, /* create a domain user */ res2 = res1 ? create_samr_domain_user( &pol_dom, - acct_name, acb_info, &user_rid) : False; + acct_name, + acb_info, password, &user_rid) : False; res1 = res1 ? samr_close( &pol_dom) : False; res = res ? samr_close( &sam_pol) : False; |