The branch, v3-0-test has been updated
via 00845002a60b541e290aee40626af4b5d522f553 (commit)
from dd2489a178e0760082695904e75b75d57528f953 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit 00845002a60b541e290aee40626af4b5d522f553
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Wed Jan 23 13:55:13 2008 -0800
Version of Matt Geddes <[EMAIL PROTECTED]>
patch for adding acct_flags to rpccli_samr_create_dom_user().
Jerry please test.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_samr.h | 27 ++++++++++++++++++++++++++-
source/libmsrpc/cac_samr.c | 12 ++++++++----
source/python/py_samr.c | 9 +++++++--
source/rpc_parse/parse_samr.c | 6 +++---
source/rpcclient/cmd_samr.c | 11 +++++++----
source/utils/net_domain.c | 8 +++++++-
source/utils/net_rpc.c | 22 +++++++++++++++-------
source/utils/net_rpc_join.c | 8 +++++++-
8 files changed, 80 insertions(+), 23 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index 575cd78..a7a9660 100644
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -146,6 +146,31 @@ SamrTestPrivateFunctionsUser
#define SAMR_CHGPASSWD_USER3 0x3F
#define SAMR_CONNECT5 0x40
+/* SAMR account creation flags/permissions */
+#define SAMR_USER_GETNAME 0x1
+#define SAMR_USER_GETLOCALE 0x2
+#define SAMR_USER_GETLOCCOM 0x4
+#define SAMR_USER_GETLOGONINFO 0x8
+#define SAMR_USER_GETATTR 0x10
+#define SAMR_USER_SETATTR 0x20
+#define SAMR_USER_CHPASS 0x40
+#define SAMR_USER_SETPASS 0x80
+#define SAMR_USER_GETGROUPS 0x100
+#define SAMR_USER_GETMEMBERSHIP 0x200
+#define SAMR_USER_CHMEMBERSHIP 0x400
+#define SAMR_STANDARD_DELETE 0x10000
+#define SAMR_STANDARD_READCTRL 0x20000
+#define SAMR_STANDARD_WRITEDAC 0x40000
+#define SAMR_STANDARD_WRITEOWNER 0x80000
+#define SAMR_STANDARD_SYNC 0x100000
+#define SAMR_GENERIC_ACCESSSACL 0x800000
+#define SAMR_GENERIC_MAXALLOWED 0x2000000
+#define SAMR_GENERIC_ALL 0x10000000
+#define SAMR_GENERIC_EXECUTE 0x20000000
+#define SAMR_GENERIC_WRITE 0x40000000
+#define SAMR_GENERIC_READ 0x80000000
+
+
typedef struct logon_hours_info
{
uint32 max_len; /* normally 1260 bytes */
@@ -1557,7 +1582,7 @@ typedef struct q_samr_create_user_info
UNISTR2 uni_name; /* unicode account name */
uint32 acb_info; /* account control info */
- uint32 access_mask; /* 0xe005 00b0 */
+ uint32 acct_flags; /* 0xe005 00b0 */
} SAMR_Q_CREATE_USER;
diff --git a/source/libmsrpc/cac_samr.c b/source/libmsrpc/cac_samr.c
index 4d3acc8..dd9e2c2 100644
--- a/source/libmsrpc/cac_samr.c
+++ b/source/libmsrpc/cac_samr.c
@@ -365,9 +365,7 @@ int cac_SamCreateUser( CacServerHandle * hnd, TALLOC_CTX *
mem_ctx,
POLICY_HND *user_out = NULL;
uint32 rid_out;
-
- /**found in rpcclient/cmd_samr.c*/
- uint32 unknown = 0xe005000b;
+ uint32 acct_flags=0;
if ( !hnd )
return CAC_FAILURE;
@@ -395,10 +393,16 @@ int cac_SamCreateUser( CacServerHandle * hnd, TALLOC_CTX
* mem_ctx,
return CAC_FAILURE;
}
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
hnd->status =
rpccli_samr_create_dom_user( pipe_hnd, mem_ctx,
op->in.dom_hnd, op->in.name,
- op->in.acb_mask, unknown,
+ op->in.acb_mask, acct_flags,
user_out, &rid_out );
if ( !NT_STATUS_IS_OK( hnd->status ) )
diff --git a/source/python/py_samr.c b/source/python/py_samr.c
index fced5b3..e2600bc 100644
--- a/source/python/py_samr.c
+++ b/source/python/py_samr.c
@@ -463,7 +463,7 @@ static PyObject *samr_create_dom_user(PyObject *self,
PyObject *args,
static char *kwlist[] = { "account_name", "acb_info", NULL };
char *account_name;
NTSTATUS ntstatus;
- uint32 unknown = 0xe005000b; /* Access mask? */
+ uint32 acct_flags = 0;
uint32 user_rid;
PyObject *result = NULL;
TALLOC_CTX *mem_ctx;
@@ -479,9 +479,14 @@ static PyObject *samr_create_dom_user(PyObject *self,
PyObject *args,
return NULL;
}
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
ntstatus = rpccli_samr_create_dom_user(
domain_hnd->cli, mem_ctx, &domain_hnd->domain_pol,
- account_name, acb_info, unknown, &user_pol, &user_rid);
+ account_name, acb_info, acct_flags, &user_pol, &user_rid);
if (!NT_STATUS_IS_OK(ntstatus)) {
PyErr_SetObject(samr_ntstatus, py_ntstatus_tuple(ntstatus));
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index 4410348..0d83e45 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -5182,7 +5182,7 @@ reads or writes a structure.
void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
POLICY_HND *pol,
const char *name,
- uint32 acb_info, uint32 access_mask)
+ uint32 acb_info, uint32 acct_flags)
{
DEBUG(5, ("samr_init_samr_q_create_user\n"));
@@ -5192,7 +5192,7 @@ void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
q_u->acb_info = acb_info;
- q_u->access_mask = access_mask;
+ q_u->acct_flags = acct_flags;
}
/*******************************************************************
@@ -5223,7 +5223,7 @@ BOOL samr_io_q_create_user(const char *desc,
SAMR_Q_CREATE_USER * q_u,
return False;
if(!prs_uint32("acb_info ", ps, depth, &q_u->acb_info))
return False;
- if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+ if(!prs_uint32("acct_flags", ps, depth, &q_u->acct_flags))
return False;
return True;
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index dd55e65..8487d2b 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -1450,7 +1450,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct
rpc_pipe_client *cli,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags, user_rid;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
if ((argc < 2) || (argc > 3)) {
@@ -1483,10 +1483,13 @@ static NTSTATUS cmd_samr_create_dom_user(struct
rpc_pipe_client *cli,
/* Create domain user */
acb_info = ACB_NORMAL;
- unknown = 0xe005000b; /* No idea what this is - a permission mask? */
-
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result))
diff --git a/source/utils/net_domain.c b/source/utils/net_domain.c
index 5b330d8..ac7e0da 100644
--- a/source/utils/net_domain.c
+++ b/source/utils/net_domain.c
@@ -209,6 +209,7 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct
cli_state *cli,
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
+ uint32 acct_flags=0;
uchar pwbuf[516];
SAM_USERINFO_CTR ctr;
SAM_USER_INFO_24 p24;
@@ -242,8 +243,13 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct
cli_state *cli,
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+ acct_name, acb_info, acct_flags, &user_pol, &user_rid);
if ( !NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index fee994b..1a3de4f 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -581,7 +581,8 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID
*domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 acct_flags=0;
+ uint32 user_rid;
if (argc < 1) {
d_printf("User must be specified\n");
@@ -611,10 +612,14 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID
*domain_sid,
/* Create domain user */
acb_info = ACB_NORMAL;
- unknown = 0xe005000b; /* No idea what this is - a permission mask? */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -5335,7 +5340,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID
*domain_sid,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
uint32 acb_info;
- uint32 unknown, user_rid;
+ uint32 user_rid;
+ uint32 acct_flags=0;
if (argc != 2) {
d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5369,11 +5375,13 @@ static NTSTATUS rpc_trustdom_add_internals(const
DOM_SID *domain_sid,
/* Create trusting domain's account */
acb_info = ACB_NORMAL;
- unknown = 0xe00500b0; /* No idea what this is - a permission mask?
- mimir: yes, most probably it is */
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
- acct_name, acb_info, unknown,
+ acct_name, acb_info, acct_flags,
&user_pol, &user_rid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index d23bd76..d2c25eb 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -142,6 +142,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
uint32 flags = 0x3e8;
char *acct_name;
const char *const_acct_name;
+ uint32 acct_flags=0;
/* check what type of join */
if (argc >= 0) {
@@ -229,9 +230,14 @@ int net_rpc_join_newstyle(int argc, const char **argv)
strlower_m(acct_name);
const_acct_name = acct_name;
+ acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+ SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+ SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+ SAMR_USER_SETATTR;
+ DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
- 0xe005000b, &user_pol,
+ acct_flags, &user_pol,
&user_rid);
if (!NT_STATUS_IS_OK(result) &&
--
Samba Shared Repository
