/* * sam_create_account * * Create the specified domain account in the SAM database on the * domain controller. * * Account flags: * SAMR_AF_NORMAL_ACCOUNT * SAMR_AF_WORKSTATION_TRUST_ACCOUNT * SAMR_AF_SERVER_TRUST_ACCOUNT * * Returns NT status codes. */ DWORD sam_create_account(char *server, char *domain_name, char *account_name, DWORD account_flags) { mlsvc_handle_t samr_handle; mlsvc_handle_t domain_handle; mlsvc_handle_t user_handle; union samr_user_info sui; struct samr_sid *sid; DWORD rid; DWORD status; int rc; char user[SMB_USERNAME_MAXLEN]; smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); rc = samr_open(server, domain_name, user, SAM_CONNECT_CREATE_ACCOUNT, &samr_handle); if (rc != 0) { status = NT_STATUS_OPEN_FAILED; smb_tracef("SamCreateAccount[%s\\%s]: %s", domain_name, account_name, xlate_nt_status(status)); return (status); } sid = sam_get_domain_sid(&samr_handle, server, domain_name); status = samr_open_domain(&samr_handle, SAM_DOMAIN_CREATE_ACCOUNT, sid, &domain_handle); if (status == NT_STATUS_SUCCESS) { status = samr_create_user(&domain_handle, account_name, account_flags, &rid, &user_handle); if (status == NT_STATUS_SUCCESS) { (void) samr_query_user_info(&user_handle, SAMR_QUERY_USER_CONTROL_INFO, &sui); (void) samr_get_user_pwinfo(&user_handle); (void) samr_set_user_info(&user_handle); (void) samr_close_handle(&user_handle); } else if (status != NT_STATUS_USER_EXISTS) { smb_tracef("SamCreateAccount[%s]: %s", account_name, xlate_nt_status(status)); } (void) samr_close_handle(&domain_handle); } else { smb_tracef("SamCreateAccount[%s]: open domain failed", account_name); status = (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); } (void) samr_close_handle(&samr_handle); free(sid); return (status); }
/* * Set the account control flags on some account for which we * have already opened a SAM handle with appropriate rights, * passed in here as sam_handle, along with the new flags. */ DWORD netr_set_user_control( mlsvc_handle_t *user_handle, DWORD UserAccountControl) { struct samr_SetUserInfo16 info; info.UserAccountControl = UserAccountControl; return (samr_set_user_info(user_handle, 16, &info)); }
/* * Set the password on some account, for which we have already * opened a SAM handle with appropriate rights, passed in here * as sam_handle, along with the new password as cleartext. * * This builds a struct SAMPR_USER_INTERNAL5_INFORMATION [MS-SAMR] * containing the new password, encrypted with our session key. */ DWORD netr_set_user_password( mlsvc_handle_t *user_handle, char *new_pw_clear) { unsigned char ssn_key[SMBAUTH_HASH_SZ]; struct samr_SetUserInfo24 info; if (ndr_rpc_get_ssnkey(user_handle, ssn_key, SMBAUTH_HASH_SZ)) return (NT_STATUS_INTERNAL_ERROR); (void) memset(&info, 0, sizeof (info)); samr_make_encrypted_password(&info.encr_pw, new_pw_clear, ssn_key); /* Rather not leave the session key around. */ (void) memset(ssn_key, 0, sizeof (ssn_key)); return (samr_set_user_info(user_handle, 24, &info)); }