1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Use rpccli_samr_CreateUser2() all over the place.

Guenther
(This used to be commit 701af69118)
This commit is contained in:
Günther Deschner 2008-02-01 14:21:54 +01:00
parent f0438acfda
commit ddbe4ea6b7
5 changed files with 98 additions and 33 deletions

View File

@ -50,6 +50,11 @@
#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \
LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT)
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/****************************************************************
****************************************************************/
@ -591,6 +596,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
const char *const_acct_name;
struct lsa_String lsa_acct_name;
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
@ -684,6 +690,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
strlower_m(acct_name);
const_acct_name = acct_name;
init_lsa_String(&lsa_acct_name, acct_name);
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
uint32_t acct_flags =
SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
@ -691,12 +699,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
SAMR_USER_ACCESS_SET_PASSWORD |
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
uint32_t access_granted = 0;
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
&domain_pol,
acct_name, ACB_WSTRUST,
acct_flags, &user_pol,
&user_rid);
status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
ACB_WSTRUST,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!(r->in.join_flags &
WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {

View File

@ -26,6 +26,11 @@
extern DOM_SID domain_sid;
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/****************************************************************************
display sam_user_info_7 structure
****************************************************************************/
@ -1491,17 +1496,18 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
{
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
struct lsa_String acct_name;
uint32 acb_info;
uint32 acct_flags, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
uint32_t access_granted = 0;
if ((argc < 2) || (argc > 3)) {
printf("Usage: %s username [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
acct_name = argv[1];
init_lsa_String(&acct_name, argv[1]);
if (argc > 2)
sscanf(argv[2], "%x", &access_mask);
@ -1534,9 +1540,14 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
result = rpccli_samr_CreateUser2(cli, mem_ctx,
&domain_pol,
&acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -1554,11 +1565,6 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
return result;
}
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/* Create domain group */
static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,

View File

@ -37,6 +37,11 @@
goto done; \
}
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/*******************************************************************
Leave an AD domain. Windows XP disables the machine account.
We'll try the same. The old code would do an LDAP delete.
@ -210,6 +215,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
const char *const_acct_name;
struct lsa_String lsa_acct_name;
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
@ -224,6 +230,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
uchar md5buffer[16];
DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
uint32_t access_granted = 0;
/* Open the domain */
@ -253,6 +260,8 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
strlower_m(acct_name);
const_acct_name = acct_name;
init_lsa_String(&lsa_acct_name, acct_name);
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
@ -262,8 +271,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags, &user_pol, &user_rid);
status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))

View File

@ -23,6 +23,11 @@
#include "includes.h"
#include "utils/net.h"
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@ -589,8 +594,10 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
struct lsa_String lsa_acct_name;
uint32 acb_info;
uint32 acct_flags, user_rid;
uint32_t access_granted = 0;
if (argc < 1) {
d_printf("User must be specified\n");
@ -599,6 +606,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
}
acct_name = argv[0];
init_lsa_String(&lsa_acct_name, acct_name);
/* Get sam policy handle */
@ -628,9 +636,15 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
@ -1935,11 +1949,6 @@ static int rpc_group_delete(int argc, const char **argv)
argc,argv);
}
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
@ -5445,9 +5454,11 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
struct lsa_String lsa_acct_name;
uint32 acb_info;
uint32 acct_flags=0;
uint32 user_rid;
uint32_t access_granted = 0;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@ -5457,13 +5468,15 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
/*
* Make valid trusting domain account (ie. uppercased and with '$' appended)
*/
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
return NT_STATUS_NO_MEMORY;
}
strupper_m(acct_name);
init_lsa_String(&lsa_acct_name, acct_name);
/* Get samr policy handle */
result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
@ -5489,9 +5502,14 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}

View File

@ -34,6 +34,12 @@
goto done; \
}
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/**
* confirm that a domain join is still valid
*
@ -160,7 +166,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
struct lsa_String lsa_acct_name;
uint32 acct_flags=0;
uint32_t access_granted = 0;
/* check what type of join */
if (argc >= 0) {
@ -252,6 +260,8 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
init_lsa_String(&lsa_acct_name, acct_name);
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
SAMR_USER_ACCESS_SET_PASSWORD |
@ -260,10 +270,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
acct_flags, &user_pol,
&user_rid);
result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
acb_info,
acct_flags,
&user_pol,
&access_granted,
&user_rid);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {