Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h10
-rw-r--r--source3/passdb/smbpassfile.c35
-rw-r--r--source3/rpc_client/cli_login.c2
-rw-r--r--source3/rpc_client/cli_netlogon.c5
-rw-r--r--source3/rpc_client/cli_samr.c2
-rw-r--r--source3/rpc_client/msrpc_samr.c19
-rw-r--r--source3/rpc_parse/parse_samr.c2
-rw-r--r--source3/rpcclient/cmd_samr.c55
-rw-r--r--source3/utils/smbpasswd.c33
9 files changed, 101 insertions, 62 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d6a03a8d6f..064e2f32a5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1711,6 +1711,7 @@ BOOL trust_password_delete( char *domain, char *name );
BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
BOOL set_trust_account_password( unsigned char *md4_new_pwd);
BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname);
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]);
/*The following definitions come from passdb/smbpassgroup.c */
@@ -1904,6 +1905,7 @@ void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred);
BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level);
uint32 cli_net_auth2(const char *srv_name,
const char *trust_acct,
+ const char *acct_name,
uint16 sec_chan,
uint32 neg_flags, DOM_CHAL *srv_chal);
uint32 cli_net_req_chal( const char *srv_name, const char* myhostname,
@@ -2059,7 +2061,7 @@ BOOL samr_open_domain( const POLICY_HND *connect_pol,
BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name,
DOM_SID *dom_sid);
BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **names,
+ uint32 num_names, char **names,
uint32 *num_rids,
uint32 rid[MAX_LOOKUP_SIDS],
uint32 type[MAX_LOOKUP_SIDS]);
@@ -2301,7 +2303,7 @@ uint32 msrpc_sam_enum_aliases( const char* srv_name,
ALIAS_MEM_FN(als_mem_fn));
BOOL create_samr_domain_user( POLICY_HND *pol_dom,
const char *acct_name, uint16 acb_info,
- const char* password,
+ const char* password, int plen,
uint32 *rid);
BOOL create_samr_domain_alias( POLICY_HND *pol_open_domain,
const char *acct_name, const char *acct_desc,
@@ -2348,7 +2350,7 @@ BOOL get_samr_query_aliasinfo(
uint32 alias_rid, ALIAS_INFO_CTR *ctr);
BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
const char *acct_name, uint16 acb_info,
- const char *password,
+ const char *password, int plen,
uint32 *rid);
BOOL msrpc_sam_query_dispinfo(const char* srv_name, const char* domain,
DOM_SID *sid1,
@@ -3030,7 +3032,7 @@ BOOL make_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM *r_u,
BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth);
BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **name);
+ uint32 num_names, char **name);
BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
BOOL make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 83b0e7ef6b..d2a7b0bdf9 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -43,7 +43,7 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
- DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+ DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n",
mac_file));
return;
}
@@ -268,3 +268,36 @@ trust %s in domain %s.\n", myname, domain ));
}
return True;
}
+
+/*********************************************************
+record Trust Account password.
+**********************************************************/
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
+{
+ /*
+ * Create the machine account password file.
+ */
+
+ if (!trust_password_lock( domain, name, True))
+ {
+ DEBUG(0,("unable to open the trust account password file for \
+account %s in domain %s.\n", name, domain));
+ return False;
+ }
+
+ /*
+ * Write the old machine account password.
+ */
+
+ if (!set_trust_account_password( pass))
+ {
+ DEBUG(0,("unable to write the trust account password for \
+%s in domain %s.\n", name, domain));
+ trust_password_unlock();
+ return False;
+ }
+
+ trust_password_unlock();
+
+ return True;
+}
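Review bot: The inner comment `Write the old machine account password.` was carried over from smbpasswd.c and no longer fits every caller; the cmd_samr.c hunk in this commit passes the hash of a freshly generated password. Now that the function is public, its header should state the contract, for example `/* Store the 16-byte MD4 hash of the trust account password for name in domain; returns False if the file cannot be locked or written. */`. Failures are now reported only through DEBUG(0) rather than stderr, so interactive callers have to print their own error, which belongs in the same comment. Neither `domain` nor `name` is checked for NULL before being handed to `%s` in the DEBUG calls.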
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 832731d92d..a9244c886e 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -89,7 +89,7 @@ uint32 cli_nt_setup_creds( char* servers, const char* myhostname,
* Receive an auth-2 challenge response and check it.
*/
- ret = cli_net_auth2(srv_name, trust_acct,
+ ret = cli_net_auth2(srv_name, trust_acct, myhostname,
sec_chan, 0x000001ff, &srv_chal);
if (ret != 0x0)
{
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 1231c706d0..fd6242c996 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -114,6 +114,7 @@ encrypt of the server challenge originally received. JRA.
uint32 cli_net_auth2(const char *srv_name,
const char *trust_acct,
+ const char *acct_name,
uint16 sec_chan,
uint32 neg_flags, DOM_CHAL *srv_chal)
{
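Review bot: The new parameter is named `acct_name`, but the next hunk logs it under the `mc:` label and passes it to make_q_auth_2 in the slot that used to hold `srv_name`, and cli_login.c supplies `myhostname` for it, so it appears to carry a machine name rather than an account name. Sitting directly after `trust_acct`, that name invites callers to swap the two strings in an authentication request. Naming it `const char *myhostname`, as cli_net_req_chal's prototype already does, plus a one-line comment on what each string carries, would avoid that. The function body continues outside this hunk.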
@@ -142,13 +143,13 @@ uint32 cli_net_auth2(const char *srv_name,
/* create and send a MSRPC command with api NET_AUTH2 */
DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
- srv_name, trust_acct, sec_chan, srv_name,
+ srv_name, trust_acct, sec_chan, acct_name,
neg_flags));
cli_con_get_cli_cred(con, &clnt_cred);
/* store the parameters */
- make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, srv_name,
+ make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name,
&clnt_cred.challenge, neg_flags);
/* turn parameters into data stream */
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 0c3da6801a..a0cb48969d 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1636,7 +1636,7 @@ BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name,
do a SAMR Query Lookup Names
****************************************************************************/
BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **names,
+ uint32 num_names, char **names,
uint32 *num_rids,
uint32 rid[MAX_LOOKUP_SIDS],
uint32 type[MAX_LOOKUP_SIDS])
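Review bot: Dropping `const` from `names` removes the promise that the lookup leaves the caller's strings untouched, and the same change is made to make_samr_q_lookup_names in parse_samr.c. If the qualifier was dropped only to silence a warning where a `char **` is passed, a cast at that call site would keep the read-only contract on the API. If these functions really need to modify the names, a comment on the parameter should say so. The function body is outside the hunk.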
diff --git a/source3/rpc_client/msrpc_samr.c b/source3/rpc_client/msrpc_samr.c
index f6148571aa..49f34fe386 100644
--- a/source3/rpc_client/msrpc_samr.c
+++ b/source3/rpc_client/msrpc_samr.c
@@ -997,15 +997,13 @@ do a SAMR create domain user
****************************************************************************/
BOOL create_samr_domain_user( POLICY_HND *pol_dom,
const char *acct_name, uint16 acb_info,
- const char* password,
+ const char* password, int plen,
uint32 *rid)
{
POLICY_HND pol_open_user;
BOOL ret = True;
BOOL res1 = True;
char pwbuf[516];
- char randompw[24];
- int plen = 0;
SAM_USER_INFO_24 *p24;
SAM_USER_INFO_16 *p16;
SAM_USER_INFO_16 usr16;
@@ -1052,16 +1050,6 @@ BOOL create_samr_domain_user( POLICY_HND *pol_dom,
return True;
}
- if (password == NULL)
- {
- generate_random_buffer(randompw, sizeof(randompw), True);
- password = randompw;
- plen = sizeof(randompw);
- }
- else
- {
- plen = strlen(password);
- }
encode_pw_buffer(pwbuf, password, plen, False);
p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
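Review bot: With the NULL branch removed, `encode_pw_buffer(pwbuf, password, plen, False)` receives whatever the caller supplies, and the cmd_samr.c hunk in this commit passes `NULL` and `0` for ACB_NORMAL accounts, which previously got a 24-byte random password here. Unless encode_pw_buffer (not visible) rejects that input, a normal account may be created with an empty or undefined password. `plen` is also a signed int that is never compared with the size of `pwbuf[516]`. Either keep the random-password fallback for `password == NULL` or reject the call before encoding, e.g. `if (password == NULL || plen <= 0 || plen > 512) return False;`; the 512 bound is an assumption about the buffer layout to confirm, and the body extends outside the hunk, so any handle that must be closed on that path is not visible.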
@@ -1525,7 +1513,7 @@ SAM create domain user.
****************************************************************************/
BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
const char *acct_name, uint16 acb_info,
- const char *password,
+ const char *password, int plen,
uint32 *rid)
{
BOOL res = True;
@@ -1535,6 +1523,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
uint32 user_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
+ char *pwd = NULL;
/* establish a connection. */
res = res ? samr_connect(
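Review bot: The added local `char *pwd = NULL;` is not used in any hunk of this commit for msrpc_sam_create_dom_user; the call further down still passes `password` and `plen` straight through. If nothing in the rest of the body, which extends outside the hunk, uses it, drop the declaration so the password's path through the function stays obvious.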
@@ -1550,7 +1539,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
res2 = res1 ? create_samr_domain_user(
&pol_dom,
acct_name,
- acb_info, password, &user_rid) : False;
+ acb_info, password, plen, &user_rid) : False;
res1 = res1 ? samr_close( &pol_dom) : False;
res = res ? samr_close( &sam_pol) : False;
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 45dc5b57c8..8ce5275bae 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -4399,7 +4399,7 @@ makes a SAMR_Q_LOOKUP_NAMES structure.
********************************************************************/
BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **name)
+ uint32 num_names, char **name)
{
uint32 i;
if (q_u == NULL) return False;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index a8ab18f6b8..33deb77f4c 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -690,11 +690,18 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
{
fstring domain;
fstring acct_name;
+ fstring name;
fstring sid;
DOM_SID sid1;
uint32 user_rid;
uint16 acb_info = ACB_NORMAL;
+ BOOL join_domain = False;
int opt;
+ char *password = NULL;
+ int plen = 0;
+ int len = 0;
+ UNISTR2 upw;
+
fstring srv_name;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
@@ -713,7 +720,7 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
if (argc < 2)
{
- report(out_hnd, "createuser: <acct name> [-i] [-s]\n");
+ report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
return;
}
@@ -721,12 +728,15 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
argv++;
safe_strcpy(acct_name, argv[0], sizeof(acct_name));
- if (acct_name[strlen(acct_name)-1] == '$')
+ len = strlen(acct_name)-1;
+ if (acct_name[len] == '$')
{
+ safe_strcpy(name, argv[0], sizeof(name));
+ name[len] = 0;
acb_info = ACB_WSTRUST;
}
- while ((opt = getopt(argc, argv,"is")) != EOF)
+ while ((opt = getopt(argc, argv,"isj")) != EOF)
{
switch (opt)
{
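Review bot: `name` is filled only when the account name ends in `$`, yet `-s` can still switch `acb_info` to ACB_SVRTRUST afterwards, so a name without the suffix combined with `-s -j` reaches the join code in the next hunk with `name` uninitialised and passes it to report() and create_trust_account_file(). Initialise it up front with `safe_strcpy(name, acct_name, sizeof(name));` before the `$` test and only strip the suffix inside the branch. An empty account name also makes `len` equal to -1, so `acct_name[len]` reads before the buffer; `if (len >= 0 && acct_name[len] == '$')` closes that. The switch body continues into the next hunk.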
@@ -740,19 +750,56 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
acb_info = ACB_SVRTRUST;
break;
}
+ case 'j':
+ {
+ join_domain = True;
+ }
}
}
+ if (join_domain && acb_info == ACB_NORMAL)
+ {
+ report(out_hnd, "can only join trust accounts to a domain\n");
+ return;
+ }
+
report(out_hnd, "SAM Create Domain User\n");
report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
domain, acct_name,
pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
+ {
+ upw.uni_str_len = 24;
+ upw.uni_max_len = 24;
+ generate_random_buffer((uchar*)upw.buffer,
+ upw.uni_str_len, True);
+ password = (char*)upw.buffer;
+ plen = upw.uni_str_len;
+ }
+
if (msrpc_sam_create_dom_user(srv_name, &sid1,
- acct_name, acb_info, NULL,
+ acct_name, acb_info, password, plen,
&user_rid))
{
report(out_hnd, "Create Domain User: OK\n");
+
+ if (join_domain)
+ {
+ uchar ntpw[16];
+
+ nt_owf_genW(&upw, ntpw);
+
+ report(out_hnd, "Join %s to Domain %s", name, domain);
+ if (create_trust_account_file(domain, name, ntpw))
+ {
+ report(out_hnd, ": OK\n");
+ }
+ else
+ {
+ report(out_hnd, ": FAILED\n");
+ }
+ }
}
else
{
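Review bot: The join path calls `nt_owf_genW(&upw, ntpw)`, but `upw` is filled only when `acb_info` is ACB_WSTRUST or ACB_SVRTRUST, while the guard above rejects only ACB_NORMAL; any other value set by an option whose case lies outside the hunk would hash an uninitialised buffer and store the result as the trust secret. Tightening the guard to `if (join_domain && acb_info != ACB_WSTRUST && acb_info != ACB_SVRTRUST)` keeps the two conditions in step. `uni_str_len = 24` is also used as the byte count for generate_random_buffer and as `plen`; if UNISTR2 lengths count 16-bit characters, nt_owf_genW would hash more bytes than were randomised and sent, and the stored hash would not match the server's password, which is worth confirming. `case 'j'` has no `break;`, and `upw` and `ntpw` stay on the stack holding key material after use.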
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 7411d07a9b..3b87687c26 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -81,39 +81,6 @@ static void usage(void)
}
/*********************************************************
-record Trust Account password.
-**********************************************************/
-static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
-{
- /*
- * Create the machine account password file.
- */
-
- if(!trust_password_lock( domain, name, True))
- {
- fprintf(stderr, "unable to open the trust account password file for \
-machine %s in domain %s.\n", global_myname, domain);
- return False;
- }
-
- /*
- * Write the old machine account password.
- */
-
- if(!set_trust_account_password( pass))
- {
- fprintf(stderr, "unable to write the trust account password for \
-%s in domain %s.\n", name, domain);
- trust_password_unlock();
- return False;
- }
-
- trust_password_unlock();
-
- return True;
-}
-
-/*********************************************************
Join a domain.
**********************************************************/
static int create_interdomain_trust_acct(char *domain, char *name)