/*
* sam_create_account
*
* Create the specified domain account in the SAM database on the
* domain controller.
*
* Account flags:
* SAMR_AF_NORMAL_ACCOUNT
* SAMR_AF_WORKSTATION_TRUST_ACCOUNT
* SAMR_AF_SERVER_TRUST_ACCOUNT
*
* Returns NT status codes.
*/
DWORD
sam_create_account(char *server, char *domain_name, char *account_name,
DWORD account_flags)
{
mlsvc_handle_t samr_handle;
mlsvc_handle_t domain_handle;
mlsvc_handle_t user_handle;
union samr_user_info sui;
struct samr_sid *sid;
DWORD rid;
DWORD status;
int rc;
char user[SMB_USERNAME_MAXLEN];
smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
rc = samr_open(server, domain_name, user, SAM_CONNECT_CREATE_ACCOUNT,
&samr_handle);
if (rc != 0) {
status = NT_STATUS_OPEN_FAILED;
smb_tracef("SamCreateAccount[%s\\%s]: %s",
domain_name, account_name, xlate_nt_status(status));
return (status);
}
sid = sam_get_domain_sid(&samr_handle, server, domain_name);
status = samr_open_domain(&samr_handle,
SAM_DOMAIN_CREATE_ACCOUNT, sid, &domain_handle);
if (status == NT_STATUS_SUCCESS) {
status = samr_create_user(&domain_handle, account_name,
account_flags, &rid, &user_handle);
if (status == NT_STATUS_SUCCESS) {
(void) samr_query_user_info(&user_handle,
SAMR_QUERY_USER_CONTROL_INFO, &sui);
(void) samr_get_user_pwinfo(&user_handle);
(void) samr_set_user_info(&user_handle);
(void) samr_close_handle(&user_handle);
} else if (status != NT_STATUS_USER_EXISTS) {
smb_tracef("SamCreateAccount[%s]: %s",
account_name, xlate_nt_status(status));
}
(void) samr_close_handle(&domain_handle);
} else {
smb_tracef("SamCreateAccount[%s]: open domain failed",
account_name);
status = (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
}
(void) samr_close_handle(&samr_handle);
free(sid);
return (status);
}
/*
* Set the account control flags on some account for which we
* have already opened a SAM handle with appropriate rights,
* passed in here as sam_handle, along with the new flags.
*/
DWORD
netr_set_user_control(
mlsvc_handle_t *user_handle,
DWORD UserAccountControl)
{
struct samr_SetUserInfo16 info;
info.UserAccountControl = UserAccountControl;
return (samr_set_user_info(user_handle, 16, &info));
}
/*
* Set the password on some account, for which we have already
* opened a SAM handle with appropriate rights, passed in here
* as sam_handle, along with the new password as cleartext.
*
* This builds a struct SAMPR_USER_INTERNAL5_INFORMATION [MS-SAMR]
* containing the new password, encrypted with our session key.
*/
DWORD
netr_set_user_password(
mlsvc_handle_t *user_handle,
char *new_pw_clear)
{
unsigned char ssn_key[SMBAUTH_HASH_SZ];
struct samr_SetUserInfo24 info;
if (ndr_rpc_get_ssnkey(user_handle, ssn_key, SMBAUTH_HASH_SZ))
return (NT_STATUS_INTERNAL_ERROR);
(void) memset(&info, 0, sizeof (info));
samr_make_encrypted_password(&info.encr_pw, new_pw_clear, ssn_key);
/* Rather not leave the session key around. */
(void) memset(ssn_key, 0, sizeof (ssn_key));
return (samr_set_user_info(user_handle, 24, &info));
}
