The Samba-Bugzilla – Attachment 2216 Details for
Bug 4098
"net user add" adds a disabled user account
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Quick hack to create accounts which aren't disabled
samba-3.0.22-add-user.patch (text/plain), 2.52 KB, created by
Joe Mondloch
on 2006-11-13 17:48:40 UTC
(
hide
)
Description:
Quick hack to create accounts which aren't disabled
Filename:
MIME Type:
Creator:
Joe Mondloch
Created:
2006-11-13 17:48:40 UTC
Size:
2.52 KB
patch
obsolete
>diff -rub samba-3.0.22/source/utils/net_rpc.c samba-3.0.22-jmk/source/utils/net_rpc.c >--- samba-3.0.22/source/utils/net_rpc.c 2006-01-24 17:46:40.000000000 -0600 >+++ samba-3.0.22-jmk/source/utils/net_rpc.c 2006-10-25 11:04:49.000000000 -0500 >@@ -568,13 +568,22 @@ > uint16 acb_info; > uint32 unknown, user_rid; > >- if (argc != 1) { >- d_printf("User must be specified\n"); >+ /* jmk/pmonkey mods to fix ability to set password */ >+ SAM_USERINFO_CTR ctr; >+ SAM_USER_INFO_24 p24; >+ SAM_USER_INFO_16 p16; >+ const char *acct_password; >+ uchar pwbuf[516]; >+ >+ if (argc != 2) { >+ d_printf("User and password must be specified\n"); > rpc_user_usage(argc, argv); > return NT_STATUS_OK; > } > > acct_name = argv[0]; >+ acct_password = argv[1]; >+ /* jmk */ > > /* Get sam policy handle */ > >@@ -605,6 +614,53 @@ > goto done; > } > >+ /* jmk/pmonkey -- mod to set a password on the new account and enable the account */ >+ /* stolen 100% from the machine account joining code */ >+ >+ /* Open handle on user */ >+ >+ rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, >+ SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); >+ >+ /* Set password on account */ >+ encode_pw_buffer(pwbuf, acct_password, STR_UNICODE); >+ >+ ZERO_STRUCT(ctr); >+ ZERO_STRUCT(p24); >+ >+ init_sam_user_info24(&p24, (char *)pwbuf,24); >+ >+ ctr.switch_value = 24; >+ ctr.info.id24 = &p24; >+ >+ rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, >+ &cli->user_session_key, &ctr); >+ >+ /* Why do we have to try to (re-)set the ACB to be the same as what >+ we passed in the samr_create_dom_user() call? When a NT >+ workstation is joined to a domain by an administrator the >+ acb_info is set to 0x80. For a normal user with "Add >+ workstations to the domain" rights the acb_info is 0x84. I'm >+ not sure whether it is supposed to make a difference or not. NT >+ seems to cope with either value so don't bomb out if the set >+ userinfo2 level 0x10 fails. -tpot */ >+ >+ ZERO_STRUCT(ctr); >+ ctr.switch_value = 16; >+ ctr.info.id16 = &p16; >+ >+ init_sam_user_info16(&p16, acb_info); >+ >+ /* Ignoring the return value is necessary for joining a domain >+ as a normal user with "Add workstation to domain" privilege. */ >+ >+ result = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, >+ &cli->user_session_key, &ctr); >+ >+ rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); >+ //cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */ >+ /* jmk */ >+ > done: > if (!NT_STATUS_IS_OK(result)) { > d_fprintf(stderr, "Failed to add user %s - %s\n", acct_name,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2216">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4098
: 2216