diff options
author | Gerald Carter <jerry@samba.org> | 2003-08-20 16:07:19 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-08-20 16:07:19 +0000 |
commit | 65409a49feb83c48043b980c7cda79149e2d837b (patch) | |
tree | 95cf1c2c2c5b10f0844fbd052ef2f92feda98f07 /source3/rpc_server | |
parent | 1ca0974768ed0aa83044e1055db057bac0a61e8f (diff) | |
download | samba-65409a49feb83c48043b980c7cda79149e2d837b.tar.gz samba-65409a49feb83c48043b980c7cda79149e2d837b.tar.bz2 samba-65409a49feb83c48043b980c7cda79149e2d837b.zip |
Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN
call.
(This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_samr.c | 27 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 74 |
2 files changed, 80 insertions, 21 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index d9624bdff0..d9d1a45dce 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -386,7 +386,7 @@ static BOOL api_samr_chgpasswd_user(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* unknown 38 command */ + /* change password request */ if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) { DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n")); return False; @@ -448,7 +448,6 @@ static BOOL api_samr_open_user(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 22 */ if(!samr_io_q_open_user("", &q_u, data, 0)) { DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n")); return False; @@ -479,7 +478,6 @@ static BOOL api_samr_query_userinfo(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 24 */ if(!samr_io_q_query_userinfo("", &q_u, data, 0)){ DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n")); return False; @@ -510,7 +508,6 @@ static BOOL api_samr_query_usergroups(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 32 */ if(!samr_io_q_query_usergroups("", &q_u, data, 0)) { DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n")); return False; @@ -541,7 +538,6 @@ static BOOL api_samr_query_dom_info(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 8 command */ if(!samr_io_q_query_dom_info("", &q_u, data, 0)) { DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n")); return False; @@ -1347,13 +1343,13 @@ static BOOL api_samr_open_group(pipes_struct *p) } /******************************************************************* - api_samr_unknown_2d + api_samr_remove_user_foreign_domain ********************************************************************/ -static BOOL api_samr_unknown_2d(pipes_struct *p) +static BOOL api_samr_remove_user_foreign_domain(pipes_struct *p) { - SAMR_Q_UNKNOWN_2D q_u; - SAMR_R_UNKNOWN_2D r_u; + SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN q_u; + SAMR_R_REMOVE_USER_FOREIGN_DOMAIN r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; @@ -1361,15 +1357,15 @@ static BOOL api_samr_unknown_2d(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if (!samr_io_q_unknown_2d("", &q_u, data, 0)) { - DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n")); + if (!samr_io_q_remove_user_foreign_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_remove_user_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN.\n")); return False; } - r_u.status = _samr_unknown_2d(p, &q_u, &r_u); + r_u.status = _samr_remove_user_foreign_domain(p, &q_u, &r_u); - if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n")); + if (!samr_io_r_remove_user_foreign_domain("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_remove_user_foreign_domain: unable to marshall SAMR_R_REMOVE_USER_FOREIGN_DOMAIN.\n")); return False; } @@ -1421,7 +1417,6 @@ static BOOL api_samr_set_dom_info(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 8 command */ if(!samr_io_q_set_domain_info("", &q_u, data, 0)) { DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n")); return False; @@ -1488,7 +1483,7 @@ static struct api_struct api_samr_cmds [] = {"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, {"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group }, {"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, - {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d }, + {"SAMR_REMOVE_USER_FOREIGN_DOMAIN" , SAMR_REMOVE_USER_FOREIGN_DOMAIN , api_samr_remove_user_foreign_domain }, {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain }, {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj }, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index a338b5eb4d..a14c6cd7e8 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -8,6 +8,7 @@ * Copyright (C) Jeremy Allison 2001-2002, * Copyright (C) Jean François Micouleau 1998-2001, * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002. + * Copyright (C) Gerald (Jerry) Carter 2003. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -3787,7 +3788,8 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM /* check if the user exists before trying to delete */ pdb_init_sam(&sam_pass); if(!pdb_getsampwsid(sam_pass, &user_sid)) { - DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", + sid_string_static(&user_sid))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } @@ -4283,13 +4285,75 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G } /********************************************************************* - _samr_unknown_2d + _samr_remove_user_foreign_domain *********************************************************************/ -NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u) +NTSTATUS _samr_remove_user_foreign_domain(pipes_struct *p, + SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN *q_u, + SAMR_R_REMOVE_USER_FOREIGN_DOMAIN *r_u) { - DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n")); - return NT_STATUS_NOT_IMPLEMENTED; + DOM_SID user_sid, dom_sid; + SAM_ACCOUNT *sam_pass=NULL; + uint32 acc_granted; + + sid_copy( &user_sid, &q_u->sid.sid ); + + DEBUG(5,("_samr_remove_user_foreign_domain: removing user [%s]\n", + sid_string_static(&user_sid))); + + /* Find the policy handle. Open a policy on it. */ + + if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, "_samr_remove_user_foreign_domain"))) + { + return r_u->status; + } + + if ( !sid_check_is_in_our_domain(&user_sid) ) { + DEBUG(5,("_samr_remove_user_foreign_domain: user not is our domain!\n")); + return NT_STATUS_NO_SUCH_USER; + } + + /* check if the user exists before trying to delete */ + + pdb_init_sam(&sam_pass); + + if ( !pdb_getsampwsid(sam_pass, &user_sid) ) { + + DEBUG(5,("_samr_remove_user_foreign_domain:User %s doesn't exist.\n", + sid_string_static(&user_sid))); + + pdb_free_sam(&sam_pass); + + return NT_STATUS_NO_SUCH_USER; + } + + /* + * delete the unix side + * + * note: we don't check if the delete really happened + * as the script is not necessary present + * and maybe the sysadmin doesn't want to delete the unix side + */ + + smb_delete_user(pdb_get_username(sam_pass)); + + /* and delete the samba side */ + + if ( !pdb_delete_sam_account(sam_pass) ) { + + DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + + return NT_STATUS_CANNOT_DELETE; + } + + pdb_free_sam(&sam_pass); + + return NT_STATUS_OK; } /******************************************************************* |