BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
BOOL set_trust_account_password( unsigned char *md4_new_pwd);
BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname);
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]);
/*The following definitions come from passdb/smbpassgroup.c */
BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level);
uint32 cli_net_auth2(const char *srv_name,
const char *trust_acct,
+ const char *acct_name,
uint16 sec_chan,
uint32 neg_flags, DOM_CHAL *srv_chal);
uint32 cli_net_req_chal( const char *srv_name, const char* myhostname,
BOOL samr_query_lookup_domain( POLICY_HND *pol, const char *dom_name,
DOM_SID *dom_sid);
BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **names,
+ uint32 num_names, char **names,
uint32 *num_rids,
uint32 rid[MAX_LOOKUP_SIDS],
uint32 type[MAX_LOOKUP_SIDS]);
ALIAS_MEM_FN(als_mem_fn));
BOOL create_samr_domain_user( POLICY_HND *pol_dom,
const char *acct_name, uint16 acb_info,
- const char* password,
+ const char* password, int plen,
uint32 *rid);
BOOL create_samr_domain_alias( POLICY_HND *pol_open_domain,
const char *acct_name, const char *acct_desc,
uint32 alias_rid, ALIAS_INFO_CTR *ctr);
BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
const char *acct_name, uint16 acb_info,
- const char *password,
+ const char *password, int plen,
uint32 *rid);
BOOL msrpc_sam_query_dispinfo(const char* srv_name, const char* domain,
DOM_SID *sid1,
BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth);
BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **name);
+ uint32 num_names, char **name);
BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
BOOL make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);
if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
{
- DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+ DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n",
mac_file));
return;
}
}
return True;
}
+
+/*********************************************************
+record Trust Account password.
+**********************************************************/
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
+{
+ /*
+ * Create the machine account password file.
+ */
+
+ if (!trust_password_lock( domain, name, True))
+ {
+ DEBUG(0,("unable to open the trust account password file for \
+account %s in domain %s.\n", name, domain));
+ return False;
+ }
+
+ /*
+ * Write the old machine account password.
+ */
+
+ if (!set_trust_account_password( pass))
+ {
+ DEBUG(0,("unable to write the trust account password for \
+%s in domain %s.\n", name, domain));
+ trust_password_unlock();
+ return False;
+ }
+
+ trust_password_unlock();
+
+ return True;
+}
* Receive an auth-2 challenge response and check it.
*/
- ret = cli_net_auth2(srv_name, trust_acct,
+ ret = cli_net_auth2(srv_name, trust_acct, myhostname,
sec_chan, 0x000001ff, &srv_chal);
if (ret != 0x0)
{
uint32 cli_net_auth2(const char *srv_name,
const char *trust_acct,
+ const char *acct_name,
uint16 sec_chan,
uint32 neg_flags, DOM_CHAL *srv_chal)
{
/* create and send a MSRPC command with api NET_AUTH2 */
DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
- srv_name, trust_acct, sec_chan, srv_name,
+ srv_name, trust_acct, sec_chan, acct_name,
neg_flags));
cli_con_get_cli_cred(con, &clnt_cred);
/* store the parameters */
- make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, srv_name,
+ make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name,
&clnt_cred.challenge, neg_flags);
/* turn parameters into data stream */
do a SAMR Query Lookup Names
****************************************************************************/
BOOL samr_query_lookup_names( POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **names,
+ uint32 num_names, char **names,
uint32 *num_rids,
uint32 rid[MAX_LOOKUP_SIDS],
uint32 type[MAX_LOOKUP_SIDS])
****************************************************************************/
BOOL create_samr_domain_user( POLICY_HND *pol_dom,
const char *acct_name, uint16 acb_info,
- const char* password,
+ const char* password, int plen,
uint32 *rid)
{
POLICY_HND pol_open_user;
BOOL ret = True;
BOOL res1 = True;
char pwbuf[516];
- char randompw[24];
- int plen = 0;
SAM_USER_INFO_24 *p24;
SAM_USER_INFO_16 *p16;
SAM_USER_INFO_16 usr16;
return True;
}
- if (password == NULL)
- {
- generate_random_buffer(randompw, sizeof(randompw), True);
- password = randompw;
- plen = sizeof(randompw);
- }
- else
- {
- plen = strlen(password);
- }
encode_pw_buffer(pwbuf, password, plen, False);
p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
****************************************************************************/
BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
const char *acct_name, uint16 acb_info,
- const char *password,
+ const char *password, int plen,
uint32 *rid)
{
BOOL res = True;
uint32 user_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
+ char *pwd = NULL;
/* establish a connection. */
res = res ? samr_connect(
res2 = res1 ? create_samr_domain_user(
&pol_dom,
acct_name,
- acb_info, password, &user_rid) : False;
+ acb_info, password, plen, &user_rid) : False;
res1 = res1 ? samr_close( &pol_dom) : False;
res = res ? samr_close( &sam_pol) : False;
********************************************************************/
BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
POLICY_HND *pol, uint32 flags,
- uint32 num_names, const char **name)
+ uint32 num_names, char **name)
{
uint32 i;
if (q_u == NULL) return False;
{
fstring domain;
fstring acct_name;
+ fstring name;
fstring sid;
DOM_SID sid1;
uint32 user_rid;
uint16 acb_info = ACB_NORMAL;
+ BOOL join_domain = False;
int opt;
+ char *password = NULL;
+ int plen = 0;
+ int len = 0;
+ UNISTR2 upw;
+
fstring srv_name;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
if (argc < 2)
{
- report(out_hnd, "createuser: <acct name> [-i] [-s]\n");
+ report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
return;
}
argv++;
safe_strcpy(acct_name, argv[0], sizeof(acct_name));
- if (acct_name[strlen(acct_name)-1] == '$')
+ len = strlen(acct_name)-1;
+ if (acct_name[len] == '$')
{
+ safe_strcpy(name, argv[0], sizeof(name));
+ name[len] = 0;
acb_info = ACB_WSTRUST;
}
- while ((opt = getopt(argc, argv,"is")) != EOF)
+ while ((opt = getopt(argc, argv,"isj")) != EOF)
{
switch (opt)
{
acb_info = ACB_SVRTRUST;
break;
}
+ case 'j':
+ {
+ join_domain = True;
+ }
}
}
+ if (join_domain && acb_info == ACB_NORMAL)
+ {
+ report(out_hnd, "can only join trust accounts to a domain\n");
+ return;
+ }
+
report(out_hnd, "SAM Create Domain User\n");
report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
domain, acct_name,
pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
+ {
+ upw.uni_str_len = 24;
+ upw.uni_max_len = 24;
+ generate_random_buffer((uchar*)upw.buffer,
+ upw.uni_str_len, True);
+ password = (char*)upw.buffer;
+ plen = upw.uni_str_len;
+ }
+
if (msrpc_sam_create_dom_user(srv_name, &sid1,
- acct_name, acb_info, NULL,
+ acct_name, acb_info, password, plen,
&user_rid))
{
report(out_hnd, "Create Domain User: OK\n");
+
+ if (join_domain)
+ {
+ uchar ntpw[16];
+
+ nt_owf_genW(&upw, ntpw);
+
+ report(out_hnd, "Join %s to Domain %s", name, domain);
+ if (create_trust_account_file(domain, name, ntpw))
+ {
+ report(out_hnd, ": OK\n");
+ }
+ else
+ {
+ report(out_hnd, ": FAILED\n");
+ }
+ }
}
else
{
exit(1);
}
-/*********************************************************
-record Trust Account password.
-**********************************************************/
-static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
-{
- /*
- * Create the machine account password file.
- */
-
- if(!trust_password_lock( domain, name, True))
- {
- fprintf(stderr, "unable to open the trust account password file for \
-machine %s in domain %s.\n", global_myname, domain);
- return False;
- }
-
- /*
- * Write the old machine account password.
- */
-
- if(!set_trust_account_password( pass))
- {
- fprintf(stderr, "unable to write the trust account password for \
-%s in domain %s.\n", name, domain);
- trust_password_unlock();
- return False;
- }
-
- trust_password_unlock();
-
- return True;
-}
-
/*********************************************************
Join a domain.
**********************************************************/