author | Gerald Carter <jerry@samba.org> | 2006-05-18 20:12:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:08 -0500 |
commit | 463e7c11711e0c511d81c892e4be621ea3bfe8b1 (patch) | |
tree | f12bbe77073176ea53a4c3784e61f119858cc823 /source3/libads | |
parent | 0648638fef56a65f9389c8a98f66c57663e8c401 (diff) | |
r15701: change 'net ads leave' to disable the machine account in the domain (since removal implies greater permissions than Windows clients require)
(This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/ldap.c | 184 |
1 files changed, 0 insertions, 184 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 293163c05e..3307ad83fe 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1753,190 +1753,6 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
 }
 
 /**
- * Delete a machine from the realm
- * @param ads connection to ads server
- * @param hostname Machine to remove
- * @return status of delete
- **/
-ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
-{
- ADS_STATUS status;
- void *res, *msg;
- char *hostnameDN, *host;
- int rc;
- LDAPControl ldap_control;
- LDAPControl * pldap_control[2] = {NULL, NULL};
-
- pldap_control[0] = &ldap_control;
- memset(&ldap_control, 0, sizeof(LDAPControl));
- ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID;
-
- /* hostname must be lowercase */
- host = SMB_STRDUP(hostname);
- strlower_m(host);
-
- status = ads_find_machine_acct(ads, &res, host);
- if (!ADS_ERR_OK(status)) {
- DEBUG(0, ("Host account for %s does not exist.\n", host));
- return status;
- }
-
- msg = ads_first_entry(ads, res);
- if (!msg) {
- return ADS_ERROR_SYSTEM(ENOENT);
- }
-
- hostnameDN = ads_get_dn(ads, (LDAPMessage *)msg);
-
-
- rc = ldap_delete_ext_s(ads->ld, hostnameDN, pldap_control, NULL);
- if (rc) {
- DEBUG(3,("ldap_delete_ext_s failed with error code %d\n", rc));
- }else {
- DEBUG(3,("ldap_delete_ext_s succeeded with error code %d\n", rc));
- }
-
- ads_memfree(ads, hostnameDN);
- if (rc != LDAP_SUCCESS) {
- return ADS_ERROR(rc);
- }
-
- status = ads_find_machine_acct(ads, &res, host);
- if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
- DEBUG(0, ("Failed to remove host account.\n"));
- return status;
- }
-
- free(host);
-
- return status;
-}
-
-#if 0
-/**
- * add machine account to existing security descriptor
- * @param ads connection to ads server
- * @param hostname machine to add
- * @param dn DN of security descriptor
- * @return status
- **/
-static ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
-{
- const char *attrs[] = {"nTSecurityDescriptor", "objectSid", 0};
- char *expr = 0;
- size_t sd_size = 0;
- struct berval bval = {0, NULL};
- prs_struct ps_wire;
- char *escaped_hostname = escape_ldap_string_alloc(hostname);
-
- LDAPMessage *res = 0;
- LDAPMessage *msg = 0;
- ADS_MODLIST mods = 0;
-
- NTSTATUS status;
- ADS_STATUS ret;
- DOM_SID sid;
- SEC_DESC *psd = NULL;
- TALLOC_CTX *ctx = NULL;
-
- /* Avoid segmentation fault in prs_mem_free if
- * we have to bail out before prs_init */
- ps_wire.is_dynamic = False;
-
- if (!ads) {
- SAFE_FREE(escaped_hostname);
- return ADS_ERROR(LDAP_SERVER_DOWN);
- }
-
- ret = ADS_ERROR(LDAP_SUCCESS);
-
- if (!escaped_hostname) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- if (asprintf(&expr, "(samAccountName=%s$)", escaped_hostname) == -1) {
- DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n"));
- SAFE_FREE(escaped_hostname);
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- SAFE_FREE(escaped_hostname);
-
- ret = ads_search(ads, (void *) &res, expr, attrs);
-
- SAFE_FREE(expr);
-
- if (!ADS_ERR_OK(ret)) return ret;
-
- if ( !(msg = ads_first_entry(ads, res) )) {
- ret = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- goto ads_set_sd_error;
- }
-
- if (!ads_pull_sid(ads, msg, attrs[1], &sid)) {
- ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- goto ads_set_sd_error;
- }
-
- if (!(ctx = talloc_init("sec_io_desc"))) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- if (!ads_pull_sd(ads, ctx, msg, attrs[0], &psd)) {
- ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- goto ads_set_sd_error;
- }
-
- status = sec_desc_add_sid(ctx, &psd, &sid, SEC_RIGHTS_FULL_CTRL, &sd_size);
-
- if (!NT_STATUS_IS_OK(status)) {
- ret = ADS_ERROR_NT(status);
- goto ads_set_sd_error;
- }
-
- if (!prs_init(&ps_wire, sd_size, ctx, MARSHALL)) {
- ret = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- if (!sec_io_desc("sd_wire", &psd, &ps_wire, 1)) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
-#if 0
- file_save("/tmp/sec_desc.new", ps_wire.data_p, sd_size);
-#endif
- if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
-
- bval.bv_len = prs_offset(&ps_wire);
- bval.bv_val = TALLOC(ctx, bval.bv_len);
- if (!bval.bv_val) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- prs_set_offset(&ps_wire, 0);
-
- if (!prs_copy_data_out(bval.bv_val, &ps_wire, bval.bv_len)) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- ret = ads_mod_ber(ctx, &mods, attrs[0], &bval);
- if (ADS_ERR_OK(ret)) {
- ret = ads_gen_mod(ads, dn, mods);
- }
-
-ads_set_sd_error:
- ads_msgfree(ads, res);
- prs_mem_free(&ps_wire);
- talloc_destroy(ctx);
- return ret;
-}
-#endif
-
-/**
- * pull the first entry from a ADS result
 * @param ads connection to ads server
 * @param res Results of search |