Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org)
+ Copyright (C) 2008 Guenther Deschner (gd@samba.org)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
goto done; \
}
-static void init_lsa_String(struct lsa_String *name, const char *s)
-{
- name->string = s;
-}
-
/*******************************************************************
Leave an AD domain. Windows XP disables the machine account.
We'll try the same. The old code would do an LDAP delete.
POLICY_HND sam_pol, domain_pol, user_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- uint32 flags = 0x3e8;
- const char *const_acct_name;
uint32 user_rid;
- uint32 num_rids, *name_types, *user_rids;
- SAM_USERINFO_CTR ctr, *qctr = NULL;
- SAM_USER_INFO_16 p16;
+ struct lsa_String lsa_acct_name;
+ struct samr_Ids user_rids;
+ struct samr_Ids name_types;
+ union samr_UserInfo *info = NULL;
/* Open the domain */
acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname());
strlower_m(acct_name);
- const_acct_name = acct_name;
- status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
- &domain_pol, flags, 1, &const_acct_name,
- &num_rids, &user_rids, &name_types);
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if ( !NT_STATUS_IS_OK(status) )
return status;
- if ( name_types[0] != SID_NAME_USER) {
- DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
+ if ( name_types.ids[0] != SID_NAME_USER) {
+ DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
return NT_STATUS_INVALID_WORKSTATION;
}
- user_rid = user_rids[0];
+ user_rid = user_rids.ids[0];
/* Open handle on user */
/* Get user info */
- status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr);
+ status = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ 16,
+ &info);
if ( !NT_STATUS_IS_OK(status) ) {
rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
goto done;
}
/* now disable and setuser info */
-
- ZERO_STRUCT(ctr);
- ctr.switch_value = 16;
- ctr.info.id16 = &p16;
- p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED;
+ info->info16.acct_flags |= ACB_DISABLED;
- status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
- &cli->user_session_key, &ctr);
+ status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ 16,
+ info);
rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
POLICY_HND sam_pol, domain_pol, user_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *acct_name;
- const char *const_acct_name;
struct lsa_String lsa_acct_name;
uint32 user_rid;
- uint32 num_rids, *name_types, *user_rids;
- uint32 flags = 0x3e8;
uint32 acb_info = ACB_WSTRUST;
uint32 acct_flags;
- uint32 fields_present;
uchar pwbuf[532];
- SAM_USERINFO_CTR ctr;
- SAM_USER_INFO_25 p25;
- const int infolevel = 25;
struct MD5Context md5ctx;
uchar md5buffer[16];
DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
uint32_t access_granted = 0;
+ struct samr_Ids user_rids;
+ struct samr_Ids name_types;
+ union samr_UserInfo info;
/* Open the domain */
acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname());
strlower_m(acct_name);
- const_acct_name = acct_name;
init_lsa_String(&lsa_acct_name, acct_name);
rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
}
- status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
- &domain_pol, flags, 1, &const_acct_name,
- &num_rids, &user_rids, &name_types);
+ status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types);
if ( !NT_STATUS_IS_OK(status) )
return status;
- if ( name_types[0] != SID_NAME_USER) {
- DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
+ if ( name_types.ids[0] != SID_NAME_USER) {
+ DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
return NT_STATUS_INVALID_WORKSTATION;
}
- user_rid = user_rids[0];
+ user_rid = user_rids.ids[0];
/* Open handle on user */
}
/* Set password and account flags on machine account */
+ ZERO_STRUCT(info.info25);
+ info.info25.info.fields_present = ACCT_NT_PWD_SET |
+ ACCT_LM_PWD_SET |
+ SAMR_FIELD_ACCT_FLAGS;
+ info.info25.info.acct_flags = acb_info;
+ memcpy(&info.info25.password.data, pwbuf, sizeof(pwbuf));
- ZERO_STRUCT(ctr);
- ZERO_STRUCT(p25);
- fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
- init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
-
- ctr.switch_value = infolevel;
- ctr.info.id25 = &p25;
-
- status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
- infolevel, &cli->user_session_key, &ctr);
+ status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+ &user_pol,
+ 25,
+ &info);
if ( !NT_STATUS_IS_OK(status) ) {
d_fprintf( stderr, "Failed to set password for machine account (%s)\n",