mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Use rpccli_samr_CreateUser2() all over the place.
Guenther
This commit is contained in:
parent
36f52b631c
commit
701af69118
@ -50,6 +50,11 @@
|
||||
#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \
|
||||
LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT)
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
@ -591,6 +596,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
|
||||
char *acct_name;
|
||||
const char *const_acct_name;
|
||||
struct lsa_String lsa_acct_name;
|
||||
uint32 user_rid;
|
||||
uint32 num_rids, *name_types, *user_rids;
|
||||
uint32 flags = 0x3e8;
|
||||
@ -684,6 +690,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||
strlower_m(acct_name);
|
||||
const_acct_name = acct_name;
|
||||
|
||||
init_lsa_String(&lsa_acct_name, acct_name);
|
||||
|
||||
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
|
||||
uint32_t acct_flags =
|
||||
SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
|
||||
@ -691,12 +699,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||
SAMR_USER_ACCESS_SET_PASSWORD |
|
||||
SAMR_USER_ACCESS_GET_ATTRIBUTES |
|
||||
SAMR_USER_ACCESS_SET_ATTRIBUTES;
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
acct_name, ACB_WSTRUST,
|
||||
acct_flags, &user_pol,
|
||||
&user_rid);
|
||||
status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
&lsa_acct_name,
|
||||
ACB_WSTRUST,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
|
||||
if (!(r->in.join_flags &
|
||||
WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {
|
||||
|
@ -26,6 +26,11 @@
|
||||
|
||||
extern DOM_SID domain_sid;
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
display sam_user_info_7 structure
|
||||
****************************************************************************/
|
||||
@ -1491,17 +1496,18 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
{
|
||||
POLICY_HND connect_pol, domain_pol, user_pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
const char *acct_name;
|
||||
struct lsa_String acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 acct_flags, user_rid;
|
||||
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
if ((argc < 2) || (argc > 3)) {
|
||||
printf("Usage: %s username [access mask]\n", argv[0]);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
acct_name = argv[1];
|
||||
init_lsa_String(&acct_name, argv[1]);
|
||||
|
||||
if (argc > 2)
|
||||
sscanf(argv[2], "%x", &access_mask);
|
||||
@ -1534,9 +1540,14 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
SAMR_USER_ACCESS_GET_ATTRIBUTES |
|
||||
SAMR_USER_ACCESS_SET_ATTRIBUTES;
|
||||
|
||||
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
result = rpccli_samr_CreateUser2(cli, mem_ctx,
|
||||
&domain_pol,
|
||||
&acct_name,
|
||||
acb_info,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
@ -1554,11 +1565,6 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
/* Create domain group */
|
||||
|
||||
static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
|
||||
|
@ -37,6 +37,11 @@
|
||||
goto done; \
|
||||
}
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Leave an AD domain. Windows XP disables the machine account.
|
||||
We'll try the same. The old code would do an LDAP delete.
|
||||
@ -210,6 +215,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
|
||||
char *acct_name;
|
||||
const char *const_acct_name;
|
||||
struct lsa_String lsa_acct_name;
|
||||
uint32 user_rid;
|
||||
uint32 num_rids, *name_types, *user_rids;
|
||||
uint32 flags = 0x3e8;
|
||||
@ -224,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
uchar md5buffer[16];
|
||||
DATA_BLOB digested_session_key;
|
||||
uchar md4_trust_password[16];
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
/* Open the domain */
|
||||
|
||||
@ -253,6 +260,8 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
strlower_m(acct_name);
|
||||
const_acct_name = acct_name;
|
||||
|
||||
init_lsa_String(&lsa_acct_name, acct_name);
|
||||
|
||||
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
|
||||
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
|
||||
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
|
||||
@ -262,8 +271,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
|
||||
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
|
||||
|
||||
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, acct_flags, &user_pol, &user_rid);
|
||||
status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
&lsa_acct_name,
|
||||
acb_info,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
|
||||
if ( !NT_STATUS_IS_OK(status)
|
||||
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
|
||||
|
@ -23,6 +23,11 @@
|
||||
#include "includes.h"
|
||||
#include "utils/net.h"
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
static int net_mode_share;
|
||||
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
|
||||
|
||||
@ -589,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
|
||||
POLICY_HND connect_pol, domain_pol, user_pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
const char *acct_name;
|
||||
struct lsa_String lsa_acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 acct_flags, user_rid;
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
if (argc < 1) {
|
||||
d_printf("User must be specified\n");
|
||||
@ -599,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
|
||||
}
|
||||
|
||||
acct_name = argv[0];
|
||||
init_lsa_String(&lsa_acct_name, acct_name);
|
||||
|
||||
/* Get sam policy handle */
|
||||
|
||||
@ -628,9 +636,15 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
|
||||
SAMR_USER_ACCESS_GET_ATTRIBUTES |
|
||||
SAMR_USER_ACCESS_SET_ATTRIBUTES;
|
||||
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
&lsa_acct_name,
|
||||
acb_info,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
@ -1935,11 +1949,6 @@ static int rpc_group_delete(int argc, const char **argv)
|
||||
argc,argv);
|
||||
}
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
@ -5445,9 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
|
||||
POLICY_HND connect_pol, domain_pol, user_pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
char *acct_name;
|
||||
struct lsa_String lsa_acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 acct_flags=0;
|
||||
uint32 user_rid;
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
if (argc != 2) {
|
||||
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
|
||||
@ -5457,13 +5468,15 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
|
||||
/*
|
||||
* Make valid trusting domain account (ie. uppercased and with '$' appended)
|
||||
*/
|
||||
|
||||
|
||||
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
strupper_m(acct_name);
|
||||
|
||||
init_lsa_String(&lsa_acct_name, acct_name);
|
||||
|
||||
/* Get samr policy handle */
|
||||
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
|
||||
&connect_pol);
|
||||
@ -5489,9 +5502,14 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
|
||||
SAMR_USER_ACCESS_GET_ATTRIBUTES |
|
||||
SAMR_USER_ACCESS_SET_ATTRIBUTES;
|
||||
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
&lsa_acct_name,
|
||||
acb_info,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
@ -34,6 +34,12 @@
|
||||
goto done; \
|
||||
}
|
||||
|
||||
static void init_lsa_String(struct lsa_String *name, const char *s)
|
||||
{
|
||||
name->string = s;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* confirm that a domain join is still valid
|
||||
*
|
||||
@ -160,7 +166,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
uint32 flags = 0x3e8;
|
||||
char *acct_name;
|
||||
const char *const_acct_name;
|
||||
struct lsa_String lsa_acct_name;
|
||||
uint32 acct_flags=0;
|
||||
uint32_t access_granted = 0;
|
||||
|
||||
/* check what type of join */
|
||||
if (argc >= 0) {
|
||||
@ -252,6 +260,8 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
strlower_m(acct_name);
|
||||
const_acct_name = acct_name;
|
||||
|
||||
init_lsa_String(&lsa_acct_name, acct_name);
|
||||
|
||||
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
|
||||
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
|
||||
SAMR_USER_ACCESS_SET_PASSWORD |
|
||||
@ -260,10 +270,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
|
||||
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
|
||||
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info,
|
||||
acct_flags, &user_pol,
|
||||
&user_rid);
|
||||
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
&lsa_acct_name,
|
||||
acb_info,
|
||||
acct_flags,
|
||||
&user_pol,
|
||||
&access_granted,
|
||||
&user_rid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result) &&
|
||||
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
|
||||
|
Loading…
Reference in New Issue
Block a user