summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_domain.c8
-rw-r--r--source3/utils/net_rpc.c20
-rw-r--r--source3/utils/net_rpc_join.c12
-rw-r--r--source3/utils/net_rpc_samsync.c2
4 files changed, 30 insertions, 12 deletions
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index da5e61caf0..a98f090e62 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -208,6 +208,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
+ uint32 acct_flags;
uint32 fields_present;
uchar pwbuf[532];
SAM_USERINFO_CTR ctr;
@@ -245,8 +246,13 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+ acct_name, acb_info, acct_flags, &user_pol, &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 677924649c..b08a93627d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -588,7 +588,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 access_mask, user_rid;
+ uint32 acct_flags, user_rid;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -618,10 +618,13 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
/* Create domain user */
acb_info = ACB_NORMAL;
- access_mask = 0xe005000b;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, access_mask,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5341,7 +5344,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5375,11 +5379,13 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
/* Create trusting domain's account */
acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 6e37f3c84c..5c3fb2b2ff 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -45,7 +45,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server,
{
enum security_types sec;
unsigned int conn_flags = NET_FLAGS_PDC;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -132,7 +132,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
@@ -160,6 +160,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ uint32 acct_flags=0;
/* check what type of join */
if (argc >= 0) {
@@ -249,9 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
- 0xe005000b, &user_pol,
+ acct_flags, &user_pol,
&user_rid);
if (!NT_STATUS_IS_OK(result) &&
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index d0fcfe3aeb..e1f0cd3751 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uchar trust_password[16];
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
uint32 sec_channel_type = 0;
if (!secrets_fetch_trust_account_password(domain_name,