diff options
-rw-r--r-- | source3/include/rpc_samr.h | 14 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 27 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 74 |
4 files changed, 93 insertions, 34 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 8ec274176a..4d9ad0b2e1 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -127,7 +127,7 @@ SamrTestPrivateFunctionsUser #define SAMR_UNKNOWN_2a 0x2a #define SAMR_UNKNOWN_2b 0x2b #define SAMR_GET_USRDOM_PWINFO 0x2c -#define SAMR_UNKNOWN_2D 0x2d +#define SAMR_REMOVE_USER_FOREIGN_DOMAIN 0x2d #define SAMR_UNKNOWN_2E 0x2e /* looks like an alias for SAMR_QUERY_DOMAIN_INFO */ #define SAMR_UNKNOWN_2f 0x2f #define SAMR_QUERY_DISPINFO3 0x30 /* Alias for SAMR_QUERY_DISPINFO @@ -1786,21 +1786,21 @@ typedef struct r_samr_chgpasswd_user_info } SAMR_R_CHGPASSWD_USER; -/* SAMR_Q_UNKNOWN_2D */ -typedef struct q_samr_unknown_2d_info +/* SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN */ +typedef struct q_samr_remove_user_foreign_domain_info { POLICY_HND dom_pol; /* policy handle */ DOM_SID2 sid; /* SID */ -} SAMR_Q_UNKNOWN_2D; +} SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN; -/* SAMR_R_UNKNOWN_2D - probably an open */ -typedef struct r_samr_unknown_2d_info +/* SAMR_R_REMOVE_USER_FOREIGN_DOMAIN */ +typedef struct r_samr_remove_user_foreign_domain_info { NTSTATUS status; /* return status */ -} SAMR_R_UNKNOWN_2D; +} SAMR_R_REMOVE_USER_FOREIGN_DOMAIN; diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index fce3195225..1fe9b3231f 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -183,9 +183,9 @@ BOOL samr_io_r_lookup_domain(const char *desc, SAMR_R_LOOKUP_DOMAIN * r_u, reads or writes a structure. ********************************************************************/ -void init_samr_q_unknown_2d(SAMR_Q_UNKNOWN_2D * q_u, POLICY_HND *dom_pol, DOM_SID *sid) +void init_samr_q_remove_user_foreign_domain(SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN * q_u, POLICY_HND *dom_pol, DOM_SID *sid) { - DEBUG(5, ("samr_init_samr_q_unknown_2d\n")); + DEBUG(5, ("samr_init_samr_q_remove_user_foreign_domain\n")); q_u->dom_pol = *dom_pol; init_dom_sid2(&q_u->sid, sid); @@ -195,13 +195,13 @@ void init_samr_q_unknown_2d(SAMR_Q_UNKNOWN_2D * q_u, POLICY_HND *dom_pol, DOM_SI reads or writes a structure. ********************************************************************/ -BOOL samr_io_q_unknown_2d(const char *desc, SAMR_Q_UNKNOWN_2D * q_u, +BOOL samr_io_q_remove_user_foreign_domain(const char *desc, SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN * q_u, prs_struct *ps, int depth) { if (q_u == NULL) return False; - prs_debug(ps, depth, desc, "samr_io_q_unknown_2d"); + prs_debug(ps, depth, desc, "samr_io_q_remove_user_foreign_domain"); depth++; if(!prs_align(ps)) @@ -223,13 +223,13 @@ BOOL samr_io_q_unknown_2d(const char *desc, SAMR_Q_UNKNOWN_2D * q_u, reads or writes a structure. ********************************************************************/ -BOOL samr_io_r_unknown_2d(const char *desc, SAMR_R_UNKNOWN_2D * r_u, +BOOL samr_io_r_remove_user_foreign_domain(const char *desc, SAMR_R_REMOVE_USER_FOREIGN_DOMAIN * r_u, prs_struct *ps, int depth) { if (r_u == NULL) return False; - prs_debug(ps, depth, desc, "samr_io_r_unknown_2d"); + prs_debug(ps, depth, desc, "samr_io_r_remove_user_foreign_domain"); depth++; if(!prs_align(ps)) diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index d9624bdff0..d9d1a45dce 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -386,7 +386,7 @@ static BOOL api_samr_chgpasswd_user(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* unknown 38 command */ + /* change password request */ if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) { DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n")); return False; @@ -448,7 +448,6 @@ static BOOL api_samr_open_user(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 22 */ if(!samr_io_q_open_user("", &q_u, data, 0)) { DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n")); return False; @@ -479,7 +478,6 @@ static BOOL api_samr_query_userinfo(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 24 */ if(!samr_io_q_query_userinfo("", &q_u, data, 0)){ DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n")); return False; @@ -510,7 +508,6 @@ static BOOL api_samr_query_usergroups(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 32 */ if(!samr_io_q_query_usergroups("", &q_u, data, 0)) { DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n")); return False; @@ -541,7 +538,6 @@ static BOOL api_samr_query_dom_info(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 8 command */ if(!samr_io_q_query_dom_info("", &q_u, data, 0)) { DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n")); return False; @@ -1347,13 +1343,13 @@ static BOOL api_samr_open_group(pipes_struct *p) } /******************************************************************* - api_samr_unknown_2d + api_samr_remove_user_foreign_domain ********************************************************************/ -static BOOL api_samr_unknown_2d(pipes_struct *p) +static BOOL api_samr_remove_user_foreign_domain(pipes_struct *p) { - SAMR_Q_UNKNOWN_2D q_u; - SAMR_R_UNKNOWN_2D r_u; + SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN q_u; + SAMR_R_REMOVE_USER_FOREIGN_DOMAIN r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; @@ -1361,15 +1357,15 @@ static BOOL api_samr_unknown_2d(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if (!samr_io_q_unknown_2d("", &q_u, data, 0)) { - DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n")); + if (!samr_io_q_remove_user_foreign_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_remove_user_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN.\n")); return False; } - r_u.status = _samr_unknown_2d(p, &q_u, &r_u); + r_u.status = _samr_remove_user_foreign_domain(p, &q_u, &r_u); - if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n")); + if (!samr_io_r_remove_user_foreign_domain("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_remove_user_foreign_domain: unable to marshall SAMR_R_REMOVE_USER_FOREIGN_DOMAIN.\n")); return False; } @@ -1421,7 +1417,6 @@ static BOOL api_samr_set_dom_info(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 8 command */ if(!samr_io_q_set_domain_info("", &q_u, data, 0)) { DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n")); return False; @@ -1488,7 +1483,7 @@ static struct api_struct api_samr_cmds [] = {"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, {"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group }, {"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, - {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d }, + {"SAMR_REMOVE_USER_FOREIGN_DOMAIN" , SAMR_REMOVE_USER_FOREIGN_DOMAIN , api_samr_remove_user_foreign_domain }, {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain }, {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj }, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index a338b5eb4d..a14c6cd7e8 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -8,6 +8,7 @@ * Copyright (C) Jeremy Allison 2001-2002, * Copyright (C) Jean François Micouleau 1998-2001, * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002. + * Copyright (C) Gerald (Jerry) Carter 2003. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -3787,7 +3788,8 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM /* check if the user exists before trying to delete */ pdb_init_sam(&sam_pass); if(!pdb_getsampwsid(sam_pass, &user_sid)) { - DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", + sid_string_static(&user_sid))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } @@ -4283,13 +4285,75 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G } /********************************************************************* - _samr_unknown_2d + _samr_remove_user_foreign_domain *********************************************************************/ -NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u) +NTSTATUS _samr_remove_user_foreign_domain(pipes_struct *p, + SAMR_Q_REMOVE_USER_FOREIGN_DOMAIN *q_u, + SAMR_R_REMOVE_USER_FOREIGN_DOMAIN *r_u) { - DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n")); - return NT_STATUS_NOT_IMPLEMENTED; + DOM_SID user_sid, dom_sid; + SAM_ACCOUNT *sam_pass=NULL; + uint32 acc_granted; + + sid_copy( &user_sid, &q_u->sid.sid ); + + DEBUG(5,("_samr_remove_user_foreign_domain: removing user [%s]\n", + sid_string_static(&user_sid))); + + /* Find the policy handle. Open a policy on it. */ + + if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, "_samr_remove_user_foreign_domain"))) + { + return r_u->status; + } + + if ( !sid_check_is_in_our_domain(&user_sid) ) { + DEBUG(5,("_samr_remove_user_foreign_domain: user not is our domain!\n")); + return NT_STATUS_NO_SUCH_USER; + } + + /* check if the user exists before trying to delete */ + + pdb_init_sam(&sam_pass); + + if ( !pdb_getsampwsid(sam_pass, &user_sid) ) { + + DEBUG(5,("_samr_remove_user_foreign_domain:User %s doesn't exist.\n", + sid_string_static(&user_sid))); + + pdb_free_sam(&sam_pass); + + return NT_STATUS_NO_SUCH_USER; + } + + /* + * delete the unix side + * + * note: we don't check if the delete really happened + * as the script is not necessary present + * and maybe the sysadmin doesn't want to delete the unix side + */ + + smb_delete_user(pdb_get_username(sam_pass)); + + /* and delete the samba side */ + + if ( !pdb_delete_sam_account(sam_pass) ) { + + DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + + return NT_STATUS_CANNOT_DELETE; + } + + pdb_free_sam(&sam_pass); + + return NT_STATUS_OK; } /******************************************************************* |