#define SAMR_CHGPASSWD_USER3 0x3F
#define SAMR_CONNECT5 0x40
-/* SAMR account creation flags/permissions */
-#define SAMR_USER_GETNAME 0x1
-#define SAMR_USER_GETLOCALE 0x2
-#define SAMR_USER_GETLOCCOM 0x4
-#define SAMR_USER_GETLOGONINFO 0x8
-#define SAMR_USER_GETATTR 0x10
-#define SAMR_USER_SETATTR 0x20
-#define SAMR_USER_CHPASS 0x40
-#define SAMR_USER_SETPASS 0x80
-#define SAMR_USER_GETGROUPS 0x100
-#define SAMR_USER_GETMEMBERSHIP 0x200
-#define SAMR_USER_CHMEMBERSHIP 0x400
-#define SAMR_STANDARD_DELETE 0x10000
-#define SAMR_STANDARD_READCTRL 0x20000
-#define SAMR_STANDARD_WRITEDAC 0x40000
-#define SAMR_STANDARD_WRITEOWNER 0x80000
-#define SAMR_STANDARD_SYNC 0x100000
-#define SAMR_GENERIC_ACCESSSACL 0x800000
-#define SAMR_GENERIC_MAXALLOWED 0x2000000
-#define SAMR_GENERIC_ALL 0x10000000
-#define SAMR_GENERIC_EXECUTE 0x20000000
-#define SAMR_GENERIC_WRITE 0x40000000
-#define SAMR_GENERIC_READ 0x80000000
-
-
typedef struct logon_hours_info
{
uint32 max_len; /* normally 1260 bytes */
const_acct_name = acct_name;
if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
- uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
- SAMR_USER_GETATTR | SAMR_USER_SETATTR;
+ uint32_t acct_flags =
+ SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
&domain_pol,
/* Create domain user */
acb_info = ACB_NORMAL;
- acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS |
- SAMR_USER_GETATTR | SAMR_USER_SETATTR;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
const_acct_name = acct_name;
/* Don't try to set any acb_info flags other than ACB_WSTRUST */
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
- acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
- SAMR_USER_SETATTR;
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags, &user_pol, &user_rid);
/* Create domain user */
acb_info = ACB_NORMAL;
- acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
- SAMR_USER_SETATTR;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
}
/* Create trusting domain's account */
- acb_info = ACB_NORMAL;
- acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
- SAMR_USER_SETATTR;
+ acb_info = ACB_NORMAL;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info, acct_flags,
strlower_m(acct_name);
const_acct_name = acct_name;
- acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
- SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
- SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
- SAMR_USER_SETATTR;
+ acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
acct_name, acb_info,
acct_flags, &user_pol,