UNIHDR hdr_mach_acct; /* unicode machine account name header */
UNISTR2 uni_mach_acct; /* unicode machine account name */
- uint32 acct_ctrl; /* 32 bit ACB_XXXX */
- uint16 unknown_1; /* 16 bit unknown - 0x00B0 */
- uint16 unknown_2; /* 16 bit unknown - 0xe005 */
+ uint32 acb_info; /* 32 bit ACB_XXXX */
+ uint32 access_mask; /* 0xe005 00b0 */
} SAMR_Q_CREATE_USER;
{
POLICY_HND pol; /* policy handle */
- /* rid4.unknown - fail: 0030 success: 0x03ff */
- DOM_RID4 rid4; /* rid and attributes */
-
+ uint32 unknown_0; /* 0x0007 03ff */
+ uint32 user_rid; /* user RID */
uint32 status; /* return status - fail: 0xC000 0099: user exists */
} SAMR_R_CREATE_USER;
if(!prs_align(ps))
return False;
- if(!prs_uint32("acct_ctrl", ps, depth, &q_u->acct_ctrl))
+ if(!prs_uint32("acb_info", ps, depth, &q_u->acb_info))
return False;
- if(!prs_uint16("unknown_1", ps, depth, &q_u->unknown_1))
- return False;
- if(!prs_uint16("unknown_2", ps, depth, &q_u->unknown_2))
+ if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
return False;
return True;
if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
return False;
- if(!prs_align(ps))
+
+ if(!prs_uint32("unknown_0", ps, depth, &r_u->unknown_0))
+ return False;
+ if(!prs_uint32("user_rid", ps, depth, &r_u->user_rid))
return False;
if(!prs_uint32("status", ps, depth, &r_u->status))
return True;
}
+
/*******************************************************************
api_samr_create_user
********************************************************************/
static BOOL api_samr_create_user(pipes_struct *p)
{
- uint32 status = 0;
struct sam_passwd *sam_pass;
fstring mach_acct;
+ pstring err_str;
+ pstring msg_str;
+ int local_flags=0;
+
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
- int i;
SAMR_Q_CREATE_USER q_u;
SAMR_R_CREATE_USER r_u;
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
DEBUG(5,("api_samr_create_user: %d\n", __LINE__));
/* grab the samr create user */
samr_io_q_create_user("", &q_u, data, 0);
+ /* find the policy handle. open a policy on it. */
+ if ((find_lsa_policy_by_hnd(&q_u.pol) == -1)) {
+ r_u.status = NT_STATUS_INVALID_HANDLE;
+ goto out;
+ }
+
/* find the machine account: tell the caller if it exists.
lkclXXXX i have *no* idea if this is a problem or not
or even if you are supposed to construct a different
*/
fstrcpy(mach_acct, dos_unistrn2(q_u.uni_mach_acct.buffer, q_u.uni_mach_acct.uni_str_len));
+ strlower(mach_acct);
become_root();
sam_pass = getsam21pwnam(mach_acct);
unbecome_root();
-
if (sam_pass != NULL) {
/* machine account exists: say so */
- status = 0xC0000000 | NT_STATUS_USER_EXISTS;
- } else {
- /* this could cause trouble... */
- DEBUG(0,("trouble!\n"));
- status = 0;
+ r_u.status = NT_STATUS_USER_EXISTS;
+ goto out;
}
- /* set up the SAMR create_user response */
- memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
- if (status == 0) {
- for (i = 4; i < POL_HND_SIZE; i++) {
- r_u.pol.data[i] = i+1;
- }
+ /* get a (unique) handle. open a policy on it. */
+ if (!open_lsa_policy_hnd(&r_u.pol)) {
+ r_u.status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ goto out;
+ }
+
+ local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD;
+ local_flags|= (q_u.acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0;
+
+ if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) {
+ DEBUG(0, ("%s\n", err_str));
+ r_u.status = NT_STATUS_ACCESS_DENIED;
+ close_lsa_policy_hnd(&r_u.pol);
+ memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
+ goto out;
+ }
+
+ become_root();
+ sam_pass = getsam21pwnam(mach_acct);
+ unbecome_root();
+ if (sam_pass == NULL) {
+ /* account doesn't exist: say so */
+ r_u.status = NT_STATUS_ACCESS_DENIED;
+ close_lsa_policy_hnd(&r_u.pol);
+ memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
+ goto out;
+ }
+
+ /* associate the RID with the (unique) handle. */
+ if (!set_lsa_policy_samr_rid(&r_u.pol, sam_pass->user_rid)) {
+ /* oh, whoops. don't know what error message to return, here */
+ r_u.status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ close_lsa_policy_hnd(&r_u.pol);
+ memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
+ goto out;
}
- init_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
- r_u.status = status;
+ r_u.unknown_0=0x000703ff;
+ r_u.user_rid=sam_pass->user_rid;
+ out:
/* store the response in the SMB stream */
if(!samr_io_r_create_user("", &r_u, rdata, 0))
return False;