Timestamp:
Mar 12, 2008, 9:08:18 AM (17 years ago)
Author:
Paul Smedley
Message:

Update source to 3.0.28a

File:
1 edited

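--- a/branches/samba-3.0/source/utils/net_domain.c
+++ b/branches/samba-3.0/source/utils/net_domain.c
@@ -210,8 +210,13 @@
         uint32 flags = 0x3e8;
         uint32 acb_info = ACB_WSTRUST;
-        uchar pwbuf[516];
+        uint32 acct_flags=0;
+        uint32 fields_present;
+        uchar pwbuf[532];
         SAM_USERINFO_CTR ctr;
-        SAM_USER_INFO_24 p24;
-        SAM_USER_INFO_16 p16;
+        SAM_USER_INFO_25 p25;
+        const int infolevel = 25;
+        struct MD5Context md5ctx;
+        uchar md5buffer[16];
+        DATA_BLOB digested_session_key;
         uchar md4_trust_password[16];
 
@@ -243,6 +248,11 @@
         /* Don't try to set any acb_info flags other than ACB_WSTRUST */
 
+        acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
+                SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
+                SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
+                SAMR_USER_SETATTR;
+        DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
         status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
-                        acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
+                        acct_name, acb_info, acct_flags, &user_pol, &user_rid);
 
         if ( !NT_STATUS_IS_OK(status)
@@ -284,42 +294,23 @@
         status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
                         SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
-       
-        /* Create a random machine account password */
-
-        E_md4hash( clear_pw, md4_trust_password);
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
+       
+        /* Create a random machine account password and generate the hash */
+
+        E_md4hash(clear_pw, md4_trust_password);
         encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE);
-
-        /* Set password on machine account */
-
-        ZERO_STRUCT(ctr);
-        ZERO_STRUCT(p24);
-
-        init_sam_user_info24(&p24, (char *)pwbuf,24);
-
-        ctr.switch_value = 24;
-        ctr.info.id24 = &p24;
-
-        status = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
-                        24, &cli->user_session_key, &ctr);
-
-        if ( !NT_STATUS_IS_OK(status) ) {
-                d_fprintf( stderr, "Failed to set password for machine account (%s)\n",
-                        nt_errstr(status));
-                return status;
-        }
-
-
-        /* Why do we have to try to (re-)set the ACB to be the same as what
-           we passed in the samr_create_dom_user() call?  When a NT
-           workstation is joined to a domain by an administrator the
-           acb_info is set to 0x80.  For a normal user with "Add
-           workstations to the domain" rights the acb_info is 0x84.  I'm
-           not sure whether it is supposed to make a difference or not.  NT
-           seems to cope with either value so don't bomb out if the set
-           userinfo2 level 0x10 fails.  -tpot */
-
-        ZERO_STRUCT(ctr);
-        ctr.switch_value = 16;
-        ctr.info.id16 = &p16;
+       
+        generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
+        digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
+       
+        MD5Init(&md5ctx);
+        MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
+        MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
+        MD5Final(digested_session_key.data, &md5ctx);
+       
+        SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
+        memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
 
         /* Fill in the additional account flags now */
@@ -333,8 +324,23 @@
         }
 
-        init_sam_user_info16(&p16, acb_info);
-
-        status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
-                                        &cli->user_session_key, &ctr);
+        /* Set password and account flags on machine account */
+
+        ZERO_STRUCT(ctr);
+        ZERO_STRUCT(p25);
+
+        fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
+        init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
+
+        ctr.switch_value = infolevel;
+        ctr.info.id25    = &p25;
+
+        status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
+                                           infolevel, &cli->user_session_key, &ctr);
+
+        if ( !NT_STATUS_IS_OK(status) ) {
+                d_fprintf( stderr, "Failed to set password for machine account (%s)\n",
+                        nt_errstr(status));
+                return status;
+        }
 
         rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);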
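Review bot: The blob returned by `data_blob_talloc(mem_ctx, 0, 16)` is handed straight to `MD5Final(digested_session_key.data, &md5ctx)` with no allocation check, so an out-of-memory condition becomes a write through a null pointer in the middle of setting the machine password; add `if (digested_session_key.data == NULL) { return NT_STATUS_NO_MEMORY; }` right after the allocation. `SamOEMhashBlob(pwbuf, sizeof(pwbuf), ...)` now runs over all 532 bytes, while the old 516-byte declaration suggests `encode_pw_buffer` fills only the first 516, so the trailing 16 bytes appear to be read uninitialized before the `memcpy` of the salt overwrites them. Encrypting only the first 516 bytes and naming the 516/16 constants would make the level-25 buffer layout explicit. The return paths visible here also leave `pwbuf`, `md5buffer`, `md4_trust_password` and the digested session key uncleared, so consider wiping them once they are no longer needed. The function begins and ends outside the shown hunks, so later uses of these buffers cannot be confirmed from this page.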