fixing joining to domain plus something weird going down with nt logins...
authorLuke Leighton <lkcl@samba.org>
Wed, 1 Dec 1999 19:25:51 +0000 (19:25 +0000)
committerLuke Leighton <lkcl@samba.org>
Wed, 1 Dec 1999 19:25:51 +0000 (19:25 +0000)
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)

source3/include/proto.h
source3/passdb/smbpassfile.c
source3/rpc_client/cli_login.c
source3/rpc_client/cli_netlogon.c
source3/rpc_client/cli_samr.c
source3/rpc_client/msrpc_samr.c
source3/rpc_parse/parse_samr.c
source3/rpcclient/cmd_samr.c
source3/utils/smbpasswd.c

index d6a03a8d6f4564def3084eab763de46bf5bacbf5..064e2f32a53d4777454ed41aba44b48ccbcd853a 100644 (file)
@@ -1711,6 +1711,7 @@ BOOL trust_password_delete( char *domain, char *name );
 BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
 BOOL set_trust_account_password( unsigned char *md4_new_pwd);
 BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname);
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16]);
 
 /*The following definitions come from  passdb/smbpassgroup.c  */
 
@@ -1904,6 +1905,7 @@ void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred);
 BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level);
 uint32 cli_net_auth2(const char *srv_name,
                                const char *trust_acct, 
+                               const char *acct_name, 
                                uint16 sec_chan, 
                                uint32 neg_flags, DOM_CHAL *srv_chal);
 uint32 cli_net_req_chal( const char *srv_name, const char* myhostname,
@@ -2059,7 +2061,7 @@ BOOL samr_open_domain(  const POLICY_HND *connect_pol,
 BOOL samr_query_lookup_domain(  POLICY_HND *pol, const char *dom_name,
                              DOM_SID *dom_sid);
 BOOL samr_query_lookup_names(  POLICY_HND *pol, uint32 flags,
-                               uint32 num_names, const char **names,
+                               uint32 num_names, char **names,
                                uint32 *num_rids,
                                uint32 rid[MAX_LOOKUP_SIDS],
                                uint32 type[MAX_LOOKUP_SIDS]);
@@ -2301,7 +2303,7 @@ uint32 msrpc_sam_enum_aliases( const char* srv_name,
                                ALIAS_MEM_FN(als_mem_fn));
 BOOL create_samr_domain_user( POLICY_HND *pol_dom,
                                const char *acct_name, uint16 acb_info,
-                               const char* password,
+                               const char* password, int plen,
                                uint32 *rid);
 BOOL create_samr_domain_alias( POLICY_HND *pol_open_domain,
                                const char *acct_name, const char *acct_desc,
@@ -2348,7 +2350,7 @@ BOOL get_samr_query_aliasinfo(
                                uint32 alias_rid, ALIAS_INFO_CTR *ctr);
 BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
                                const char *acct_name, uint16 acb_info,
-                               const char *password,
+                               const char *password, int plen,
                                uint32 *rid);
 BOOL msrpc_sam_query_dispinfo(const char* srv_name, const char* domain,
                                DOM_SID *sid1,
@@ -3030,7 +3032,7 @@ BOOL make_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM *r_u,
 BOOL samr_io_r_query_aliasmem(char *desc,  SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth);
 BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
                POLICY_HND *pol, uint32 flags,
-               uint32 num_names, const char **name);
+               uint32 num_names, char **name);
 BOOL samr_io_q_lookup_names(char *desc,  SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
 BOOL make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
                uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);
index 83b0e7ef6b672fab8f1ffde79b4d7a087fccd1c2..d2a7b0bdf9121cf5bd76cf4b692f197286be3589 100644 (file)
@@ -43,7 +43,7 @@ static void get_trust_account_file_name( char *domain, char *name, char *mac_fil
 
   if ((int)(sizeof(pstring) - mac_file_len - strlen(domain) - strlen(name) - 6) < 0)
   {
-    DEBUG(0,("trust_password_lock: path %s too long to add trust details.\n",
+    DEBUG(0,("get_trust_account_file_name: path %s too long to add trust details.\n",
               mac_file));
     return;
   }
@@ -268,3 +268,36 @@ trust %s in domain %s.\n", myname, domain ));
   }
   return True;
 }
+
+/*********************************************************
+record Trust Account password.
+**********************************************************/
+BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
+{
+       /*
+        * Create the machine account password file.
+        */
+
+       if (!trust_password_lock( domain, name, True))
+       {
+               DEBUG(0,("unable to open the trust account password file for \
+account %s in domain %s.\n", name, domain)); 
+               return False;
+       }
+
+       /*
+        * Write the old machine account password.
+        */
+       
+       if (!set_trust_account_password( pass))
+       {              
+               DEBUG(0,("unable to write the trust account password for \
+%s in domain %s.\n", name, domain));
+               trust_password_unlock();
+               return False;
+       }
+       
+       trust_password_unlock();
+       
+       return True;
+}
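Review bot: The header comment on `create_trust_account_file` says only "record Trust Account password", which leaves the contract of a function that persists a machine-account secret undocumented. The inner comment "Write the old machine account password" also no longer fits a caller that passes a freshly generated one. I would expand the header to state that `pass` is a 16-byte hash handed unchanged to `set_trust_account_password`, that the file is locked with `trust_password_lock(domain, name, True)` for the write and unlocked on both paths after that, and that False means nothing usable was recorded. The inner comment could read `/* Write the machine account password hash. */`. Failures are now reported through `DEBUG(0, ...)` instead of `fprintf(stderr, ...)`, so it is worth confirming that smbpasswd users still see them.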
index 832731d92dec2bb0f0f3a1388b127fcba189ddc0..a9244c886e5e1b89f98d0bb41709ea9bcae920c8 100644 (file)
@@ -89,7 +89,7 @@ uint32 cli_nt_setup_creds( char* servers, const char* myhostname,
         * Receive an auth-2 challenge response and check it.
         */
 
-       ret = cli_net_auth2(srv_name, trust_acct, 
+       ret = cli_net_auth2(srv_name, trust_acct, myhostname,
                            sec_chan, 0x000001ff, &srv_chal);
        if (ret != 0x0)
        {
index 1231c706d0542db4cec07a9cdb04a7729c34a195..fd6242c996542c2950d58eb8546d0c712981f1ad 100644 (file)
@@ -114,6 +114,7 @@ encrypt of the server challenge originally received. JRA.
 
 uint32 cli_net_auth2(const char *srv_name,
                                const char *trust_acct, 
+                               const char *acct_name, 
                                uint16 sec_chan, 
                                uint32 neg_flags, DOM_CHAL *srv_chal)
 {
@@ -142,13 +143,13 @@ uint32 cli_net_auth2(const char *srv_name,
        /* create and send a MSRPC command with api NET_AUTH2 */
 
        DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
-                 srv_name, trust_acct, sec_chan, srv_name,
+                 srv_name, trust_acct, sec_chan, acct_name,
                  neg_flags));
 
        cli_con_get_cli_cred(con, &clnt_cred);
 
        /* store the parameters */
-       make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, srv_name,
+       make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name,
                      &clnt_cred.challenge, neg_flags);
 
        /* turn parameters into data stream */
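Review bot: The new parameter name `acct_name` is easy to confuse with `trust_acct`. In this hunk it is logged under the `mc:` label and takes the slot in `make_q_auth_2` that previously received `srv_name`, and the caller in cli_login.c passes `myhostname` for it. A name such as `comp_name`, or a prototype comment like `/* acct_name: name of the requesting machine, not the trust account */`, would keep future callers from passing the account name twice. Neither new use guards against a NULL `acct_name`; if NULL is a possible input, a check at the top of `cli_net_auth2` (outside this hunk) would be worth adding.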
index 0c3da6801ac374e7e7d01733dcf1a2895f416ae6..a0cb48969d24448097f08dddb80cd319eafb9a05 100644 (file)
@@ -1636,7 +1636,7 @@ BOOL samr_query_lookup_domain(  POLICY_HND *pol, const char *dom_name,
 do a SAMR Query Lookup Names
 ****************************************************************************/
 BOOL samr_query_lookup_names(  POLICY_HND *pol, uint32 flags,
-                               uint32 num_names, const char **names,
+                               uint32 num_names, char **names,
                                uint32 *num_rids,
                                uint32 rid[MAX_LOOKUP_SIDS],
                                uint32 type[MAX_LOOKUP_SIDS])
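Review bot: Dropping `const` from `names` gives up the documented guarantee that `samr_query_lookup_names` leaves the caller's strings untouched, and the same change is made to `make_samr_q_lookup_names` in parse_samr.c. If the motive was the warning C issues when a `char **` is passed where `const char **` is expected, I would keep the qualifier in both signatures and put the cast at the call site that holds a `char **`. Failing that, a comment such as `/* names is read-only; const dropped only to accept char ** callers */` on each definition records the intent. The function body lies outside this hunk, so whether `names` is in fact only read cannot be confirmed from here.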
index f6148571aad77ed1b1b213fd3f457a0568f6a602..49f34fe3868ee42a1694be110ec03f36b37d45d0 100644 (file)
@@ -997,15 +997,13 @@ do a SAMR create domain user
 ****************************************************************************/
 BOOL create_samr_domain_user( POLICY_HND *pol_dom,
                                const char *acct_name, uint16 acb_info,
-                               const char* password,
+                               const char* password, int plen,
                                uint32 *rid)
 {
        POLICY_HND pol_open_user;
        BOOL ret = True;
        BOOL res1 = True;
        char pwbuf[516];
-       char randompw[24];
-       int plen = 0;
        SAM_USER_INFO_24 *p24;
        SAM_USER_INFO_16 *p16;
        SAM_USER_INFO_16 usr16;
@@ -1052,16 +1050,6 @@ BOOL create_samr_domain_user( POLICY_HND *pol_dom,
                return True;
        }
 
-       if (password == NULL)
-       {
-               generate_random_buffer(randompw, sizeof(randompw), True);
-               password = randompw;
-               plen = sizeof(randompw);
-       }
-       else
-       {
-               plen = strlen(password);
-       }
        encode_pw_buffer(pwbuf, password, plen, False);
 
        p24 = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
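Review bot: With the NULL fallback removed, `encode_pw_buffer(pwbuf, password, plen, False)` now receives whatever the caller supplies, and the createuser command in cmd_samr.c passes `NULL` and `0` for accounts that are not workstation or server trusts. Previously that case produced a random 24-byte password. What `encode_pw_buffer` does with a NULL pointer or an out-of-range `plen` is not visible here, and `pwbuf` is a fixed 516 bytes. I would validate before the call, for example `if (password == NULL || plen <= 0 || plen > 512) return False;`, with the upper bound adjusted to what `encode_pw_buffer` actually accepts, or restore the random fallback for `password == NULL`. The function body extends beyond this hunk, so any handle opened earlier needs cleanup on that new exit.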
@@ -1525,7 +1513,7 @@ SAM create domain user.
 ****************************************************************************/
 BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
                                const char *acct_name, uint16 acb_info,
-                               const char *password,
+                               const char *password, int plen,
                                uint32 *rid)
 {
        BOOL res = True;
@@ -1535,6 +1523,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
        uint32 user_rid; 
        POLICY_HND sam_pol;
        POLICY_HND pol_dom;
+       char *pwd = NULL;
 
        /* establish a connection. */
        res = res ? samr_connect( 
@@ -1550,7 +1539,7 @@ BOOL msrpc_sam_create_dom_user(const char* srv_name, DOM_SID *sid1,
        res2 = res1 ? create_samr_domain_user( 
                                &pol_dom,
                                acct_name, 
-                               acb_info, password, &user_rid) : False;
+                               acb_info, password, plen, &user_rid) : False;
 
        res1 = res1 ? samr_close( &pol_dom) : False;
        res  = res  ? samr_close( &sam_pol) : False;
index 45dc5b57c8f4e501e3d72360eb93ae0a8a261e15..8ce5275bae29f4fdfe1b4932fae5c271fd048a87 100644 (file)
@@ -4399,7 +4399,7 @@ makes a SAMR_Q_LOOKUP_NAMES structure.
 ********************************************************************/
 BOOL make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
                POLICY_HND *pol, uint32 flags,
-               uint32 num_names, const char **name)
+               uint32 num_names, char **name)
 {
        uint32 i;
        if (q_u == NULL) return False;
index a8ab18f6b8f486f78324bb96da3608dd705d1528..33deb77f4c9f9c93f11c9f597f974474cfb53037 100644 (file)
@@ -690,11 +690,18 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 {
        fstring domain;
        fstring acct_name;
+       fstring name;
        fstring sid;
        DOM_SID sid1;
        uint32 user_rid; 
        uint16 acb_info = ACB_NORMAL;
+       BOOL join_domain = False;
        int opt;
+       char *password = NULL;
+       int plen = 0;
+       int len = 0;
+       UNISTR2 upw;
+
        fstring srv_name;
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
@@ -713,7 +720,7 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 
        if (argc < 2)
        {
-               report(out_hnd, "createuser: <acct name> [-i] [-s]\n");
+               report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
                return;
        }
 
@@ -721,12 +728,15 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
        argv++;
 
        safe_strcpy(acct_name, argv[0], sizeof(acct_name));
-       if (acct_name[strlen(acct_name)-1] == '$')
+       len = strlen(acct_name)-1;
+       if (acct_name[len] == '$')
        {
+               safe_strcpy(name, argv[0], sizeof(name));
+               name[len] = 0;
                acb_info = ACB_WSTRUST;
        }
 
-       while ((opt = getopt(argc, argv,"is")) != EOF)
+       while ((opt = getopt(argc, argv,"isj")) != EOF)
        {
                switch (opt)
                {
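Review bot: `len = strlen(acct_name)-1` is -1 for an empty argument, so `acct_name[len]` reads one byte before the buffer and `name[len] = 0` can then write before `name`. Computing `len = strlen(acct_name);`, testing `if (len > 0 && acct_name[len-1] == '$')` and setting `name[len-1] = 0;` avoids that. `name` is also filled only inside this branch, yet the join path later in the function passes it to `create_trust_account_file` whenever `acb_info` is not `ACB_NORMAL`, which an option such as `-s` can arrange without a trailing `$`. Initialising `name` to an empty string and refusing `-j` when it is empty would close that gap. The switch that follows continues outside this hunk.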
@@ -740,19 +750,56 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
                                acb_info = ACB_SVRTRUST;
                                break;
                        }
+                       case 'j':
+                       {
+                               join_domain = True;
+                       }
                }
        }
 
+       if (join_domain && acb_info == ACB_NORMAL)
+       {
+               report(out_hnd, "can only join trust accounts to a domain\n");
+               return;
+       }
+
        report(out_hnd, "SAM Create Domain User\n");
        report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
                          domain, acct_name,
            pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
 
+       if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
+       {
+               upw.uni_str_len = 24;
+               upw.uni_max_len = 24;
+               generate_random_buffer((uchar*)upw.buffer,
+                                      upw.uni_str_len, True);
+               password = (char*)upw.buffer;
+               plen = upw.uni_str_len;
+       }
+
        if (msrpc_sam_create_dom_user(srv_name, &sid1,
-                                     acct_name, acb_info, NULL,
+                                     acct_name, acb_info, password, plen,
                                      &user_rid))
        {
                report(out_hnd, "Create Domain User: OK\n");
+
+               if (join_domain)
+               {
+                       uchar ntpw[16];
+                       
+                       nt_owf_genW(&upw, ntpw);
+
+                       report(out_hnd, "Join %s to Domain %s", name, domain);
+                       if (create_trust_account_file(domain, name, ntpw))
+                       {
+                               report(out_hnd, ": OK\n");
+                       }
+                       else
+                       {
+                               report(out_hnd, ": FAILED\n");
+                       }
+               }
        }
        else
        {
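Review bot: The random machine password is sized inconsistently: `upw.uni_str_len = 24` is used as a byte count for `generate_random_buffer` and for `plen`, while the field name and the `(uchar*)` cast suggest `upw.buffer` holds 16-bit units. If `nt_owf_genW` hashes `uni_str_len` characters (not shown here, to confirm), the hash stored by `create_trust_account_file` covers bytes that were never randomised and will not match the 24 bytes sent to the server. Using one unit throughout keeps them in step, e.g. `generate_random_buffer((uchar*)upw.buffer, upw.uni_str_len * 2, True);` and `plen = upw.uni_str_len * 2;`. `upw` is also left unset for any trust type other than `ACB_WSTRUST`/`ACB_SVRTRUST` that passes the `-j` check, and neither `upw` nor `ntpw` is cleared once the file is written. The function continues past this hunk.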
index 7411d07a9ba4c7b8d34a88b3cca3f78d18f47f8b..3b87687c261609fdfbdf979b94eec5b42adeb21a 100644 (file)
@@ -80,39 +80,6 @@ static void usage(void)
        exit(1);
 }
 
-/*********************************************************
-record Trust Account password.
-**********************************************************/
-static BOOL create_trust_account_file(char *domain, char *name, uchar pass[16])
-{
-       /*
-        * Create the machine account password file.
-        */
-
-       if(!trust_password_lock( domain, name, True))
-       {
-               fprintf(stderr, "unable to open the trust account password file for \
-machine %s in domain %s.\n", global_myname, domain); 
-               return False;
-       }
-
-       /*
-        * Write the old machine account password.
-        */
-       
-       if(!set_trust_account_password( pass))
-       {              
-               fprintf(stderr, "unable to write the trust account password for \
-%s in domain %s.\n", name, domain);
-               trust_password_unlock();
-               return False;
-       }
-       
-       trust_password_unlock();
-       
-       return True;
-}
-
 /*********************************************************
 Join a domain.
 **********************************************************/