[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-2649-gbc2d3d5
Günther Deschner
gd at samba.org
Fri Feb 29 00:30:37 GMT 2008
The branch, v3-2-test has been updated
via bc2d3d51449831146a9faf6e809e7a91d174659c (commit)
via 63894e5c93ef0663fc58bcc191777cd1aca7e21c (commit)
from dcffb885bc5d16e795b71d95e0790d3d7d70cf3c (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit bc2d3d51449831146a9faf6e809e7a91d174659c
Author: Günther Deschner <gd at samba.org>
Date: Fri Feb 29 01:27:52 2008 +0100
libnetjoin: add fallback to level 24 samr setinfo so that libnet can join NT4.
Guenther
commit 63894e5c93ef0663fc58bcc191777cd1aca7e21c
Author: Günther Deschner <gd at samba.org>
Date: Fri Feb 29 01:25:45 2008 +0100
libnetjoin: Trying to avoid confusion between acct_flags, acb_info and
access_desired.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/libnet/libnet_join.c | 45 +++++++++++++++++++++++++++++++-----------
1 files changed, 33 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 38d9822..1a8486f 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -652,8 +652,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
struct lsa_String lsa_acct_name;
- uint32 user_rid;
- uint32 acb_info = ACB_WSTRUST;
+ uint32_t user_rid;
+ uint32_t acct_flags = ACB_WSTRUST;
uchar pwbuf[532];
struct MD5Context md5ctx;
uchar md5buffer[16];
@@ -690,7 +690,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
goto done;
}
- status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@@ -757,7 +757,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
init_lsa_String(&lsa_acct_name, acct_name);
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
- uint32_t acct_flags =
+ uint32_t access_desired =
SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
SAMR_USER_ACCESS_SET_PASSWORD |
@@ -765,15 +765,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
SAMR_USER_ACCESS_SET_ATTRIBUTES;
uint32_t access_granted = 0;
- /* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ /* Don't try to set any acct_flags flags other than ACB_WSTRUST */
- DEBUG(10,("Creating account with flags: %d\n", acct_flags));
+ DEBUG(10,("Creating account with desired access mask: %d\n",
+ access_desired));
status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
&domain_pol,
&lsa_acct_name,
ACB_WSTRUST,
- acct_flags,
+ access_desired,
&user_pol,
&access_granted,
&user_rid);
@@ -845,7 +846,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
E_md4hash(r->in.machine_password, md4_trust_password);
encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
- generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
+ generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));
digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
MD5Init(&md5ctx);
@@ -859,10 +860,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
/* Fill in the additional account flags now */
- acb_info |= ACB_PWNOEXP;
+ acct_flags |= ACB_PWNOEXP;
if (r->out.domain_is_ad) {
#if !defined(ENCTYPE_ARCFOUR_HMAC)
- acb_info |= ACB_USE_DES_KEY_ONLY;
+ acct_flags |= ACB_USE_DES_KEY_ONLY;
#endif
;;
}
@@ -874,13 +875,33 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
user_info.info25.info.fields_present = ACCT_NT_PWD_SET |
ACCT_LM_PWD_SET |
SAMR_FIELD_ACCT_FLAGS;
- user_info.info25.info.acct_flags = acb_info;
+
+ user_info.info25.info.acct_flags = acct_flags;
memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf));
status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
&user_pol,
25,
&user_info);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
+
+ uchar pwbuf2[516];
+
+ encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);
+
+ /* retry with level 24 */
+ init_samr_user_info24(&user_info.info24, pwbuf2, 24);
+
+ SamOEMhashBlob(user_info.info24.password.data, 516,
+ &cli->user_session_key);
+
+ status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+ &user_pol,
+ 24,
+ &user_info);
+ }
+
if (!NT_STATUS_IS_OK(status)) {
libnet_join_set_error_string(mem_ctx, r,
"Failed to set password for machine account (%s)\n",
@@ -1054,7 +1075,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
POLICY_HND sam_pol, domain_pol, user_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- uint32 user_rid;
+ uint32_t user_rid;
struct lsa_String lsa_acct_name;
struct samr_Ids user_rids;
struct samr_Ids name_types;
--
Samba Shared Repository
More information about the samba-cvs
mailing list