[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-1622-g7d94f97
Jeremy Allison
jra at samba.org
Wed Jan 23 21:54:34 GMT 2008
The branch, v3-2-test has been updated
via 7d94f97947b7edfcf3ec52f0125e4593d6d54c05 (commit)
from 7101026061c470ed962267b43ac0aa67cc761a64 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 7d94f97947b7edfcf3ec52f0125e4593d6d54c05
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jan 23 13:54:02 2008 -0800
Forward ported version of Matt Geddes <musicalcarrion at gmail.com>
patch for adding acct_flags to rpccli_samr_create_dom_user().
Jerry please test.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_samr.h | 27 ++++++++++++++++++++++++++-
source/libnet/libnet_join.c | 7 ++++++-
source/rpc_client/cli_samr.c | 4 ++--
source/rpc_parse/parse_samr.c | 6 +++---
source/rpcclient/cmd_samr.c | 11 +++++++----
source/utils/net_domain.c | 8 +++++++-
source/utils/net_rpc.c | 20 +++++++++++++-------
source/utils/net_rpc_join.c | 8 +++++++-
8 files changed, 71 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index 9274e37..5ddb877 100644
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -145,6 +145,31 @@ SamrTestPrivateFunctionsUser
#define SAMR_CHGPASSWD_USER3 0x3F
#define SAMR_CONNECT5 0x40
+/* SAMR account creation flags/permissions */
+#define SAMR_USER_GETNAME 0x1
+#define SAMR_USER_GETLOCALE 0x2
+#define SAMR_USER_GETLOCCOM 0x4
+#define SAMR_USER_GETLOGONINFO 0x8
+#define SAMR_USER_GETATTR 0x10
+#define SAMR_USER_SETATTR 0x20
+#define SAMR_USER_CHPASS 0x40
+#define SAMR_USER_SETPASS 0x80
+#define SAMR_USER_GETGROUPS 0x100
+#define SAMR_USER_GETMEMBERSHIP 0x200
+#define SAMR_USER_CHMEMBERSHIP 0x400
+#define SAMR_STANDARD_DELETE 0x10000
+#define SAMR_STANDARD_READCTRL 0x20000
+#define SAMR_STANDARD_WRITEDAC 0x40000
+#define SAMR_STANDARD_WRITEOWNER 0x80000
+#define SAMR_STANDARD_SYNC 0x100000
+#define SAMR_GENERIC_ACCESSSACL 0x800000
+#define SAMR_GENERIC_MAXALLOWED 0x2000000
+#define SAMR_GENERIC_ALL 0x10000000
+#define SAMR_GENERIC_EXECUTE 0x20000000
+#define SAMR_GENERIC_WRITE 0x40000000
+#define SAMR_GENERIC_READ 0x80000000
+
+
typedef struct logon_hours_info
{
uint32 max_len; /* normally 1260 bytes */
@@ -1555,7 +1580,7 @@ typedef struct q_samr_create_user_info
UNISTR2 uni_name; /* unicode account name */
uint32 acb_info; /* account control info */
- uint32 access_mask; /* 0xe005 00b0 */
+ uint32 acct_flags; /* 0xe005 00b0 */
} SAMR_Q_CREATE_USER;
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index a9978ba..538cca7 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -684,10 +684,15 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
const_acct_name = acct_name;
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
+ uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
+ SAMR_USER_GETATTR | SAMR_USER_SETATTR;
+
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
&domain_pol,
acct_name, ACB_WSTRUST,
- 0xe005000b, &user_pol,
+ acct_flags, &user_pol,
&user_rid);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!(r->in.join_flags &
diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c
index bf83138..7cf8726 100644
--- a/source/rpc_client/cli_samr.c
+++ b/source/rpc_client/cli_samr.c
@@ -1643,7 +1643,7 @@ NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *domain_pol, const char *acct_name,
- uint32 acb_info, uint32 access_mask,
+ uint32 acb_info, uint32 acct_flags,
POLICY_HND *user_pol, uint32 *rid)
{
prs_struct qbuf, rbuf;
@@ -1658,7 +1658,7 @@ NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *me
/* Marshall data and send request */
- init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, access_mask);
+ init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, acct_flags);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_USER,
q, r,
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index 614a80d..23add3d 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -5172,7 +5172,7 @@ reads or writes a structure.
void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
POLICY_HND *pol,
const char *name,
- uint32 acb_info, uint32 access_mask)
+ uint32 acb_info, uint32 acct_flags)
{
DEBUG(5, ("samr_init_samr_q_create_user\n"));
@@ -5182,7 +5182,7 @@ void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
q_u->acb_info = acb_info;
- q_u->access_mask = access_mask;
+ q_u->acct_flags = acct_flags;
}
/*******************************************************************
@@ -5213,7 +5213,7 @@ bool samr_io_q_create_user(const char *desc, SAMR_Q_CREATE_USER * q_u,
return False;
if(!prs_uint32("acb_info ", ps, depth, &q_u->acb_info))
return False;
- if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+ if(!prs_uint32("acct_flags", ps, depth, &q_u->acct_flags))
return False;
return True;
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index 171027f..5b42c6b 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -1450,7 +1450,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 user_rid;
+ uint32 acct_flags, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
if ((argc < 2) || (argc > 3)) {
@@ -1459,7 +1459,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
}
acct_name = argv[1];
-
+
if (argc > 2)
sscanf(argv[2], "%x", &access_mask);
@@ -1483,10 +1483,13 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
/* Create domain user */
acb_info = ACB_NORMAL;
- access_mask = 0xe005000b;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
+ SAMR_USER_GETATTR | SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
- acct_name, acb_info, access_mask,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result))
diff --git a/source/utils/net_domain.c b/source/utils/net_domain.c
index da5e61c..a98f090 100644
--- a/source/utils/net_domain.c
+++ b/source/utils/net_domain.c
@@ -208,6 +208,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
+ uint32 acct_flags;
uint32 fields_present;
uchar pwbuf[532];
SAM_USERINFO_CTR ctr;
@@ -245,8 +246,13 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+ acct_name, acb_info, acct_flags, &user_pol, &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 6779246..b08a936 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -588,7 +588,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 access_mask, user_rid;
+ uint32 acct_flags, user_rid;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -618,10 +618,13 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
/* Create domain user */
acb_info = ACB_NORMAL;
- access_mask = 0xe005000b;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, access_mask,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5341,7 +5344,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5375,11 +5379,13 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
/* Create trusting domain's account */
acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index 6e37f3c..de8ea74 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -160,6 +160,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ uint32 acct_flags=0;
/* check what type of join */
if (argc >= 0) {
@@ -249,9 +250,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
- 0xe005000b, &user_pol,
+ acct_flags, &user_pol,
&user_rid);
if (!NT_STATUS_IS_OK(result) &&
--
Samba Shared Repository
More information about the samba-cvs
mailing list