From 7930f15f5dce0dd72b354f903a758b03988371b8 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 19 Jun 2009 13:46:07 -0400 Subject: Don't require "Modify property" perms to unjoin bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well. --- source3/librpc/gen_ndr/libnet_join.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/librpc/gen_ndr/libnet_join.h') diff --git a/source3/librpc/gen_ndr/libnet_join.h b/source3/librpc/gen_ndr/libnet_join.h index ed49062a78..cf915cbf18 100644 --- a/source3/librpc/gen_ndr/libnet_join.h +++ b/source3/librpc/gen_ndr/libnet_join.h @@ -2,13 +2,13 @@ #include +#include "libcli/util/ntstatus.h" + #include "librpc/gen_ndr/wkssvc.h" #include "librpc/gen_ndr/security.h" #ifndef _HEADER_libnetjoin #define _HEADER_libnetjoin -enum netr_SchannelType; - struct libnet_JoinCtx { struct { @@ -58,6 +58,7 @@ struct libnet_UnjoinCtx { const char * admin_password; const char * machine_password; uint32_t unjoin_flags; + uint8_t delete_machine_account; uint8_t modify_config; struct dom_sid *domain_sid;/* [ref] */ struct ads_struct *ads;/* [ref] */ -- cgit