diff options
author | Günther Deschner <gd@samba.org> | 2008-02-28 21:55:01 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-02-28 22:07:30 +0100 |
commit | 37bca2ea57e2f2f13a9ab59d6fcd8f27052f65ef (patch) | |
tree | 42023f18ae2c6041d8e6ff97a3236ae164fd90d5 /source3 | |
parent | 781e1ab4a1d9c5fe581034d42c9c597cd5d7be4d (diff) | |
download | samba-37bca2ea57e2f2f13a9ab59d6fcd8f27052f65ef.tar.gz samba-37bca2ea57e2f2f13a9ab59d6fcd8f27052f65ef.tar.bz2 samba-37bca2ea57e2f2f13a9ab59d6fcd8f27052f65ef.zip |
While we are at it: add _wkssvc_NetrUnjoinDomain2 implementation.
This can be tested with e.g. "netdom remove SAMBAHOST" from windows.
Guenther
(This used to be commit 53121e62ea32ff3a984533dca044b67cf5b2c55b)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 68 |
1 files changed, 64 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index e559248ef8..6d03009d00 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -361,13 +361,73 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, } /******************************************************************** + _wkssvc_NetrUnjoinDomain2 ********************************************************************/ -WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, struct wkssvc_NetrUnjoinDomain2 *r) +WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, + struct wkssvc_NetrUnjoinDomain2 *r) { - /* FIXME: Add implementation code here */ - p->rng_fault_state = True; - return WERR_NOT_SUPPORTED; + struct libnet_UnjoinCtx *u = NULL; + char *cleartext_pwd = NULL; + char *admin_domain = NULL; + char *admin_account = NULL; + WERROR werr; + NTSTATUS status; + struct nt_user_token *token = p->pipe_user.nt_user_token; + struct netr_DsRGetDCNameInfo *info = NULL; + + if (!user_has_privileges(token, &se_machine_account) && + !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { + DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have " + "sufficient privileges\n")); + return WERR_ACCESS_DENIED; + } + + werr = decode_wkssvc_join_password_buffer(p->mem_ctx, + r->in.encrypted_password, + &p->session_key, + &cleartext_pwd); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + split_domain_user(p->mem_ctx, + r->in.account, + &admin_domain, + &admin_account); + + status = dsgetdcname(p->mem_ctx, + lp_realm(), + NULL, + NULL, + DS_DIRECTORY_SERVICE_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_RETURN_DNS_NAME, + &info); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + werr = libnet_init_UnjoinCtx(p->mem_ctx, &u); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + u->in.dc_name = info->dc_unc; + u->in.domain_name = lp_realm(); + u->in.unjoin_flags = r->in.unjoin_flags | + WKSSVC_JOIN_FLAGS_JOIN_TYPE; + u->in.admin_account = admin_account; + u->in.admin_password = cleartext_pwd; + u->in.debug = true; + + become_root(); + werr = libnet_Unjoin(p->mem_ctx, u); + unbecome_root(); + + TALLOC_FREE(u); + return werr; } /******************************************************************** |