mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
Forward ported version of Matt Geddes <musicalcarrion@gmail.com>
patch for adding acct_flags to rpccli_samr_create_dom_user(). Jerry please test. Jeremy. (This used to be commit 7d94f97947b7edfcf3ec52f0125e4593d6d54c05)
This commit is contained in:
parent
a925a53f61
commit
a0186fb78d
@ -145,6 +145,31 @@ SamrTestPrivateFunctionsUser
|
||||
#define SAMR_CHGPASSWD_USER3 0x3F
|
||||
#define SAMR_CONNECT5 0x40
|
||||
|
||||
/* SAMR account creation flags/permissions */
|
||||
#define SAMR_USER_GETNAME 0x1
|
||||
#define SAMR_USER_GETLOCALE 0x2
|
||||
#define SAMR_USER_GETLOCCOM 0x4
|
||||
#define SAMR_USER_GETLOGONINFO 0x8
|
||||
#define SAMR_USER_GETATTR 0x10
|
||||
#define SAMR_USER_SETATTR 0x20
|
||||
#define SAMR_USER_CHPASS 0x40
|
||||
#define SAMR_USER_SETPASS 0x80
|
||||
#define SAMR_USER_GETGROUPS 0x100
|
||||
#define SAMR_USER_GETMEMBERSHIP 0x200
|
||||
#define SAMR_USER_CHMEMBERSHIP 0x400
|
||||
#define SAMR_STANDARD_DELETE 0x10000
|
||||
#define SAMR_STANDARD_READCTRL 0x20000
|
||||
#define SAMR_STANDARD_WRITEDAC 0x40000
|
||||
#define SAMR_STANDARD_WRITEOWNER 0x80000
|
||||
#define SAMR_STANDARD_SYNC 0x100000
|
||||
#define SAMR_GENERIC_ACCESSSACL 0x800000
|
||||
#define SAMR_GENERIC_MAXALLOWED 0x2000000
|
||||
#define SAMR_GENERIC_ALL 0x10000000
|
||||
#define SAMR_GENERIC_EXECUTE 0x20000000
|
||||
#define SAMR_GENERIC_WRITE 0x40000000
|
||||
#define SAMR_GENERIC_READ 0x80000000
|
||||
|
||||
|
||||
typedef struct logon_hours_info
|
||||
{
|
||||
uint32 max_len; /* normally 1260 bytes */
|
||||
@ -1555,7 +1580,7 @@ typedef struct q_samr_create_user_info
|
||||
UNISTR2 uni_name; /* unicode account name */
|
||||
|
||||
uint32 acb_info; /* account control info */
|
||||
uint32 access_mask; /* 0xe005 00b0 */
|
||||
uint32 acct_flags; /* 0xe005 00b0 */
|
||||
|
||||
} SAMR_Q_CREATE_USER;
|
||||
|
||||
|
@ -684,10 +684,15 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||
const_acct_name = acct_name;
|
||||
|
||||
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
|
||||
uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
|
||||
SAMR_USER_GETATTR | SAMR_USER_SETATTR;
|
||||
|
||||
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
|
||||
&domain_pol,
|
||||
acct_name, ACB_WSTRUST,
|
||||
0xe005000b, &user_pol,
|
||||
acct_flags, &user_pol,
|
||||
&user_rid);
|
||||
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
|
||||
if (!(r->in.join_flags &
|
||||
|
@ -1643,7 +1643,7 @@ NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
|
||||
|
||||
NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
POLICY_HND *domain_pol, const char *acct_name,
|
||||
uint32 acb_info, uint32 access_mask,
|
||||
uint32 acb_info, uint32 acct_flags,
|
||||
POLICY_HND *user_pol, uint32 *rid)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
@ -1658,7 +1658,7 @@ NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *me
|
||||
|
||||
/* Marshall data and send request */
|
||||
|
||||
init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, access_mask);
|
||||
init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, acct_flags);
|
||||
|
||||
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_USER,
|
||||
q, r,
|
||||
|
@ -5172,7 +5172,7 @@ reads or writes a structure.
|
||||
void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
|
||||
POLICY_HND *pol,
|
||||
const char *name,
|
||||
uint32 acb_info, uint32 access_mask)
|
||||
uint32 acb_info, uint32 acct_flags)
|
||||
{
|
||||
DEBUG(5, ("samr_init_samr_q_create_user\n"));
|
||||
|
||||
@ -5182,7 +5182,7 @@ void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
|
||||
init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
|
||||
|
||||
q_u->acb_info = acb_info;
|
||||
q_u->access_mask = access_mask;
|
||||
q_u->acct_flags = acct_flags;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -5213,7 +5213,7 @@ bool samr_io_q_create_user(const char *desc, SAMR_Q_CREATE_USER * q_u,
|
||||
return False;
|
||||
if(!prs_uint32("acb_info ", ps, depth, &q_u->acb_info))
|
||||
return False;
|
||||
if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
|
||||
if(!prs_uint32("acct_flags", ps, depth, &q_u->acct_flags))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
|
@ -1450,7 +1450,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
const char *acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 user_rid;
|
||||
uint32 acct_flags, user_rid;
|
||||
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
|
||||
|
||||
if ((argc < 2) || (argc > 3)) {
|
||||
@ -1459,7 +1459,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
}
|
||||
|
||||
acct_name = argv[1];
|
||||
|
||||
|
||||
if (argc > 2)
|
||||
sscanf(argv[2], "%x", &access_mask);
|
||||
|
||||
@ -1483,10 +1483,13 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
|
||||
/* Create domain user */
|
||||
|
||||
acb_info = ACB_NORMAL;
|
||||
access_mask = 0xe005000b;
|
||||
acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
|
||||
SAMR_USER_GETATTR | SAMR_USER_SETATTR;
|
||||
|
||||
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, access_mask,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
|
@ -208,6 +208,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
uint32 num_rids, *name_types, *user_rids;
|
||||
uint32 flags = 0x3e8;
|
||||
uint32 acb_info = ACB_WSTRUST;
|
||||
uint32 acct_flags;
|
||||
uint32 fields_present;
|
||||
uchar pwbuf[532];
|
||||
SAM_USERINFO_CTR ctr;
|
||||
@ -245,8 +246,13 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
|
||||
|
||||
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
|
||||
|
||||
acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
|
||||
SAMR_USER_SETATTR;
|
||||
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
|
||||
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
|
||||
acct_name, acb_info, acct_flags, &user_pol, &user_rid);
|
||||
|
||||
if ( !NT_STATUS_IS_OK(status)
|
||||
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
|
||||
|
@ -588,7 +588,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
const char *acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 access_mask, user_rid;
|
||||
uint32 acct_flags, user_rid;
|
||||
|
||||
if (argc < 1) {
|
||||
d_printf("User must be specified\n");
|
||||
@ -618,10 +618,13 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
|
||||
/* Create domain user */
|
||||
|
||||
acb_info = ACB_NORMAL;
|
||||
access_mask = 0xe005000b;
|
||||
acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
|
||||
SAMR_USER_SETATTR;
|
||||
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, access_mask,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
@ -5341,7 +5344,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
char *acct_name;
|
||||
uint32 acb_info;
|
||||
uint32 unknown, user_rid;
|
||||
uint32 acct_flags=0;
|
||||
uint32 user_rid;
|
||||
|
||||
if (argc != 2) {
|
||||
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
|
||||
@ -5375,11 +5379,13 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
|
||||
|
||||
/* Create trusting domain's account */
|
||||
acb_info = ACB_NORMAL;
|
||||
unknown = 0xe00500b0; /* No idea what this is - a permission mask?
|
||||
mimir: yes, most probably it is */
|
||||
acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
|
||||
SAMR_USER_SETATTR;
|
||||
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info, unknown,
|
||||
acct_name, acb_info, acct_flags,
|
||||
&user_pol, &user_rid);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
|
@ -160,6 +160,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
uint32 flags = 0x3e8;
|
||||
char *acct_name;
|
||||
const char *const_acct_name;
|
||||
uint32 acct_flags=0;
|
||||
|
||||
/* check what type of join */
|
||||
if (argc >= 0) {
|
||||
@ -249,9 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
||||
strlower_m(acct_name);
|
||||
const_acct_name = acct_name;
|
||||
|
||||
acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
|
||||
SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
|
||||
SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
|
||||
SAMR_USER_SETATTR;
|
||||
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
|
||||
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
|
||||
acct_name, acb_info,
|
||||
0xe005000b, &user_pol,
|
||||
acct_flags, &user_pol,
|
||||
&user_rid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result) &&
|
||||
|
Loading…
x
Reference in New Issue
Block a user