summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_samr.h14
-rw-r--r--source3/rpc_parse/parse_samr.c12
-rw-r--r--source3/rpc_server/srv_samr.c27
-rw-r--r--source3/rpc_server/srv_samr_nt.c74
4 files changed, 93 insertions, 34 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 8ec274176a..4d9ad0b2e1 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -127,7 +127,7 @@ SamrTestPrivateFunctionsUser
#define SAMR_UNKNOWN_2a 0x2a
#define SAMR_UNKNOWN_2b 0x2b
#define SAMR_GET_USRDOM_PWINFO 0x2c
-#define SAMR_UNKNOWN_2D 0x2d
+#define SAMR_REMOVE_USER_FOREIGN_DOMAIN 0x2d
#define SAMR_UNKNOWN_2E 0x2e /* looks like an alias for SAMR_QUERY_DOMAIN_INFO */
#define SAMR_UNKNOWN_2f 0x2f
#define SAMR_QUERY_DISPINFO3 0x30 /* Alias for SAMR_QUERY_DISPINFO
@@ -1786,21 +1786,21 @@ typedef struct r_samr_chgpasswd_user_info
} SAMR_R_CHGPASSWD_USER;
-/* SAMR_Q_UNKNOWN_2D */
-typedef struct q_samr_unknown_2d_info
+/* SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN */
+typedef struct q_samr_remove_user_foreign_domain_info
{
POLICY_HND dom_pol; /* policy handle */
DOM_SID2 sid; /* SID */
-} SAMR_Q_UNKNOWN_2D;
+} SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN;
-/* SAMR_R_UNKNOWN_2D - probably an open */
-typedef struct r_samr_unknown_2d_info
+/* SAMR_R_REMOVE_USER_FOREIGN_DOMAIN */
+typedef struct r_samr_remove_user_foreign_domain_info
{
NTSTATUS status; /* return status */
-} SAMR_R_UNKNOWN_2D;
+} SAMR_R_REMOVE_USER_FOREIGN_DOMAIN;
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index fce3195225..1fe9b3231f 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -183,9 +183,9 @@ BOOL samr_io_r_lookup_domain(const char *desc, SAMR_R_LOOKUP_DOMAIN * r_u,
reads or writes a structure.
********************************************************************/
-void init_samr_q_unknown_2d(SAMR_Q_UNKNOWN_2D * q_u, POLICY_HND *dom_pol, DOM_SID *sid)
+void init_samr_q_remove_user_foreign_domain(SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN * q_u, POLICY_HND *dom_pol, DOM_SID *sid)
{
- DEBUG(5, ("samr_init_samr_q_unknown_2d\n"));
+ DEBUG(5, ("samr_init_samr_q_remove_user_foreign_domain\n"));
q_u->dom_pol = *dom_pol;
init_dom_sid2(&q_u->sid, sid);
@@ -195,13 +195,13 @@ void init_samr_q_unknown_2d(SAMR_Q_UNKNOWN_2D * q_u, POLICY_HND *dom_pol, DOM_SI
reads or writes a structure.
********************************************************************/
-BOOL samr_io_q_unknown_2d(const char *desc, SAMR_Q_UNKNOWN_2D * q_u,
+BOOL samr_io_q_remove_user_foreign_domain(const char *desc, SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN * q_u,
prs_struct *ps, int depth)
{
if (q_u == NULL)
return False;
- prs_debug(ps, depth, desc, "samr_io_q_unknown_2d");
+ prs_debug(ps, depth, desc, "samr_io_q_remove_user_foreign_domain");
depth++;
if(!prs_align(ps))
@@ -223,13 +223,13 @@ BOOL samr_io_q_unknown_2d(const char *desc, SAMR_Q_UNKNOWN_2D * q_u,
reads or writes a structure.
********************************************************************/
-BOOL samr_io_r_unknown_2d(const char *desc, SAMR_R_UNKNOWN_2D * r_u,
+BOOL samr_io_r_remove_user_foreign_domain(const char *desc, SAMR_R_REMOVE_USER_FOREIGN_DOMAIN * r_u,
prs_struct *ps, int depth)
{
if (r_u == NULL)
return False;
- prs_debug(ps, depth, desc, "samr_io_r_unknown_2d");
+ prs_debug(ps, depth, desc, "samr_io_r_remove_user_foreign_domain");
depth++;
if(!prs_align(ps))
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index d9624bdff0..d9d1a45dce 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -386,7 +386,7 @@ static BOOL api_samr_chgpasswd_user(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* unknown 38 command */
+ /* change password request */
if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n"));
return False;
@@ -448,7 +448,6 @@ static BOOL api_samr_open_user(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 22 */
if(!samr_io_q_open_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
return False;
@@ -479,7 +478,6 @@ static BOOL api_samr_query_userinfo(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 24 */
if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
return False;
@@ -510,7 +508,6 @@ static BOOL api_samr_query_usergroups(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 32 */
if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
return False;
@@ -541,7 +538,6 @@ static BOOL api_samr_query_dom_info(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 8 command */
if(!samr_io_q_query_dom_info("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
return False;
@@ -1347,13 +1343,13 @@ static BOOL api_samr_open_group(pipes_struct *p)
}
/*******************************************************************
- api_samr_unknown_2d
+ api_samr_remove_user_foreign_domain
********************************************************************/
-static BOOL api_samr_unknown_2d(pipes_struct *p)
+static BOOL api_samr_remove_user_foreign_domain(pipes_struct *p)
{
- SAMR_Q_UNKNOWN_2D q_u;
- SAMR_R_UNKNOWN_2D r_u;
+ SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN q_u;
+ SAMR_R_REMOVE_USER_FOREIGN_DOMAIN r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
@@ -1361,15 +1357,15 @@ static BOOL api_samr_unknown_2d(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- if (!samr_io_q_unknown_2d("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n"));
+ if (!samr_io_q_remove_user_foreign_domain("", &q_u, data, 0)) {
+ DEBUG(0,("api_samr_remove_user_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN.\n"));
return False;
}
- r_u.status = _samr_unknown_2d(p, &q_u, &r_u);
+ r_u.status = _samr_remove_user_foreign_domain(p, &q_u, &r_u);
- if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n"));
+ if (!samr_io_r_remove_user_foreign_domain("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_samr_remove_user_foreign_domain: unable to marshall SAMR_R_REMOVE_USER_FOREIGN_DOMAIN.\n"));
return False;
}
@@ -1421,7 +1417,6 @@ static BOOL api_samr_set_dom_info(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- /* grab the samr unknown 8 command */
if(!samr_io_q_set_domain_info("", &q_u, data, 0)) {
DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n"));
return False;
@@ -1488,7 +1483,7 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
{"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group },
{"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
- {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d },
+ {"SAMR_REMOVE_USER_FOREIGN_DOMAIN" , SAMR_REMOVE_USER_FOREIGN_DOMAIN , api_samr_remove_user_foreign_domain },
{"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
{"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a338b5eb4d..a14c6cd7e8 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -8,6 +8,7 @@
* Copyright (C) Jeremy Allison 2001-2002,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002.
+ * Copyright (C) Gerald (Jerry) Carter 2003.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -3787,7 +3788,8 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
/* check if the user exists before trying to delete */
pdb_init_sam(&sam_pass);
if(!pdb_getsampwsid(sam_pass, &user_sid)) {
- DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+ DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n",
+ sid_string_static(&user_sid)));
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
@@ -4283,13 +4285,75 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
}
/*********************************************************************
- _samr_unknown_2d
+ _samr_remove_user_foreign_domain
*********************************************************************/
-NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u)
+NTSTATUS _samr_remove_user_foreign_domain(pipes_struct *p,
+ SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN *q_u,
+ SAMR_R_REMOVE_USER_FOREIGN_DOMAIN *r_u)
{
- DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
+ DOM_SID user_sid, dom_sid;
+ SAM_ACCOUNT *sam_pass=NULL;
+ uint32 acc_granted;
+
+ sid_copy( &user_sid, &q_u->sid.sid );
+
+ DEBUG(5,("_samr_remove_user_foreign_domain: removing user [%s]\n",
+ sid_string_static(&user_sid)));
+
+ /* Find the policy handle. Open a policy on it. */
+
+ if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted))
+ return NT_STATUS_INVALID_HANDLE;
+
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS, "_samr_remove_user_foreign_domain")))
+ {
+ return r_u->status;
+ }
+
+ if ( !sid_check_is_in_our_domain(&user_sid) ) {
+ DEBUG(5,("_samr_remove_user_foreign_domain: user not is our domain!\n"));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* check if the user exists before trying to delete */
+
+ pdb_init_sam(&sam_pass);
+
+ if ( !pdb_getsampwsid(sam_pass, &user_sid) ) {
+
+ DEBUG(5,("_samr_remove_user_foreign_domain:User %s doesn't exist.\n",
+ sid_string_static(&user_sid)));
+
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /*
+ * delete the unix side
+ *
+ * note: we don't check if the delete really happened
+ * as the script is not necessary present
+ * and maybe the sysadmin doesn't want to delete the unix side
+ */
+
+ smb_delete_user(pdb_get_username(sam_pass));
+
+ /* and delete the samba side */
+
+ if ( !pdb_delete_sam_account(sam_pass) ) {
+
+ DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass)));
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_CANNOT_DELETE;
+ }
+
+ pdb_free_sam(&sam_pass);
+
+ return NT_STATUS_OK;
}
/*******************************************************************