From 92183450f1eedd2892ed8612ccaf97c65098c636 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 25 Jan 2008 01:00:51 +0100 Subject: Trying to avoid defining new SAMR acct creation flags when we already have them with different names. Matt, Jeremy, please check. Guenther (This used to be commit d4a9e46edf7336f673c001c559af96eb0ecf9f6f) --- source3/utils/net_domain.c | 10 ++++++---- source3/utils/net_rpc.c | 20 +++++++++++--------- source3/utils/net_rpc_join.c | 11 +++++++---- 3 files changed, 24 insertions(+), 17 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index a98f090e62..1c34a3b60e 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -245,12 +245,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, const_acct_name = acct_name; /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, &user_pol, &user_rid); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index b08a93627d..46fbcfb8ca 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -618,10 +618,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, /* Create domain user */ acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, @@ -5378,11 +5379,12 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, } /* Create trusting domain's account */ - acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acb_info = ACB_NORMAL; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 5c3fb2b2ff..271219938e 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -250,11 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv) strlower_m(acct_name); const_acct_name = acct_name; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR | - SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; + DEBUG(10, ("Creating account with flags: %d\n",acct_flags)); + result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, acb_info, acct_flags, &user_pol, -- cgit