summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-08-20 16:07:19 +0000
committerGerald Carter <jerry@samba.org>2003-08-20 16:07:19 +0000
commit65409a49feb83c48043b980c7cda79149e2d837b (patch)
tree95cf1c2c2c5b10f0844fbd052ef2f92feda98f07 /source3/rpc_server
parent1ca0974768ed0aa83044e1055db057bac0a61e8f (diff)
downloadsamba-65409a49feb83c48043b980c7cda79149e2d837b.tar.gz
samba-65409a49feb83c48043b980c7cda79149e2d837b.tar.bz2
samba-65409a49feb83c48043b980c7cda79149e2d837b.zip
Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_samr.c27
-rw-r--r--source3/rpc_server/srv_samr_nt.c74
2 files changed, 80 insertions, 21 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index d9624bdff0..d9d1a45dce 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -386,7 +386,7 @@ static BOOL api_samr_chgpasswd_user(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* unknown 38 command */
+ /* change password request */
if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n"));
return False;
@@ -448,7 +448,6 @@ static BOOL api_samr_open_user(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 22 */
if(!samr_io_q_open_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
return False;
@@ -479,7 +478,6 @@ static BOOL api_samr_query_userinfo(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 24 */
if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
return False;
@@ -510,7 +508,6 @@ static BOOL api_samr_query_usergroups(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 32 */
if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
return False;
@@ -541,7 +538,6 @@ static BOOL api_samr_query_dom_info(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 8 command */
if(!samr_io_q_query_dom_info("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
return False;
@@ -1347,13 +1343,13 @@ static BOOL api_samr_open_group(pipes_struct *p)
}
/*******************************************************************
- api_samr_unknown_2d
+ api_samr_remove_user_foreign_domain
********************************************************************/
-static BOOL api_samr_unknown_2d(pipes_struct *p)
+static BOOL api_samr_remove_user_foreign_domain(pipes_struct *p)
{
- SAMR_Q_UNKNOWN_2D q_u;
- SAMR_R_UNKNOWN_2D r_u;
+ SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN q_u;
+ SAMR_R_REMOVE_USER_FOREIGN_DOMAIN r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
@@ -1361,15 +1357,15 @@ static BOOL api_samr_unknown_2d(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- if (!samr_io_q_unknown_2d("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n"));
+ if (!samr_io_q_remove_user_foreign_domain("", &q_u, data, 0)) {
+ DEBUG(0,("api_samr_remove_user_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN.\n"));
return False;
}
- r_u.status = _samr_unknown_2d(p, &q_u, &r_u);
+ r_u.status = _samr_remove_user_foreign_domain(p, &q_u, &r_u);
- if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n"));
+ if (!samr_io_r_remove_user_foreign_domain("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_samr_remove_user_foreign_domain: unable to marshall SAMR_R_REMOVE_USER_FOREIGN_DOMAIN.\n"));
return False;
}
@@ -1421,7 +1417,6 @@ static BOOL api_samr_set_dom_info(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 8 command */
if(!samr_io_q_set_domain_info("", &q_u, data, 0)) {
DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n"));
return False;
@@ -1488,7 +1483,7 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
{"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group },
{"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
- {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d },
+ {"SAMR_REMOVE_USER_FOREIGN_DOMAIN" , SAMR_REMOVE_USER_FOREIGN_DOMAIN , api_samr_remove_user_foreign_domain },
{"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
{"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a338b5eb4d..a14c6cd7e8 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -8,6 +8,7 @@
* Copyright (C) Jeremy Allison 2001-2002,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002.
+ * Copyright (C) Gerald (Jerry) Carter 2003.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -3787,7 +3788,8 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
/* check if the user exists before trying to delete */
pdb_init_sam(&sam_pass);
if(!pdb_getsampwsid(sam_pass, &user_sid)) {
- DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+ DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n",
+ sid_string_static(&user_sid)));
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
@@ -4283,13 +4285,75 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
}
/*********************************************************************
- _samr_unknown_2d
+ _samr_remove_user_foreign_domain
*********************************************************************/
-NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u)
+NTSTATUS _samr_remove_user_foreign_domain(pipes_struct *p,
+ SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN *q_u,
+ SAMR_R_REMOVE_USER_FOREIGN_DOMAIN *r_u)
{
- DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
+ DOM_SID user_sid, dom_sid;
+ SAM_ACCOUNT *sam_pass=NULL;
+ uint32 acc_granted;
+
+ sid_copy( &user_sid, &q_u->sid.sid );
+
+ DEBUG(5,("_samr_remove_user_foreign_domain: removing user [%s]\n",
+ sid_string_static(&user_sid)));
+
+ /* Find the policy handle. Open a policy on it. */
+
+ if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted))
+ return NT_STATUS_INVALID_HANDLE;
+
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS, "_samr_remove_user_foreign_domain")))
+ {
+ return r_u->status;
+ }
+
+ if ( !sid_check_is_in_our_domain(&user_sid) ) {
+ DEBUG(5,("_samr_remove_user_foreign_domain: user not is our domain!\n"));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* check if the user exists before trying to delete */
+
+ pdb_init_sam(&sam_pass);
+
+ if ( !pdb_getsampwsid(sam_pass, &user_sid) ) {
+
+ DEBUG(5,("_samr_remove_user_foreign_domain:User %s doesn't exist.\n",
+ sid_string_static(&user_sid)));
+
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /*
+ * delete the unix side
+ *
+ * note: we don't check if the delete really happened
+ * as the script is not necessary present
+ * and maybe the sysadmin doesn't want to delete the unix side
+ */
+
+ smb_delete_user(pdb_get_username(sam_pass));
+
+ /* and delete the samba side */
+
+ if ( !pdb_delete_sam_account(sam_pass) ) {
+
+ DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass)));
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_CANNOT_DELETE;
+ }
+
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_OK;
}
/*******************************************************************