/*
 * sam_delete_account
 *
 * Remove account_name from the SAM database of domain_name on server.
 *
 * The SAMR session is opened as the user reported by smb_ipc_get_user().
 * The server and domain handles are requested with SAM_LOOKUP_INFORMATION
 * and the user handle with STANDARD_RIGHTS_EXECUTE | DELETE.
 *
 * Returns an NT status code: NT_STATUS_CANT_ACCESS_DOMAIN_INFO when the
 * SAMR session cannot be opened or the domain SID cannot be looked up;
 * otherwise the status of the first step that failed, or the result of
 * samr_delete_user().
 */
DWORD
sam_delete_account(char *server, char *domain_name, char *account_name)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t account;
	smb_sid_t *domain_sid;
	const DWORD delete_access = STANDARD_RIGHTS_EXECUTE | DELETE;
	DWORD status;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, sizeof (user));

	if (samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
	    &samr_handle) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	/* The SID is freed on every path that leaves after this point. */
	domain_sid = samr_lookup_domain(&samr_handle, domain_name);
	if (domain_sid == NULL) {
		status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
		goto close_samr;
	}

	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION,
	    (struct samr_sid *)domain_sid, &domain_handle);
	if (status != NT_STATUS_SUCCESS)
		goto free_sid;

	/* Resolve the account name to the RID needed to open the account. */
	status = samr_lookup_domain_names(&domain_handle, account_name,
	    &account);
	if (status != NT_STATUS_SUCCESS)
		goto close_domain;

	status = samr_open_user(&domain_handle, delete_access, account.a_rid,
	    &user_handle);
	if (status != NT_STATUS_SUCCESS)
		goto close_domain;

	/*
	 * The delete result is what the caller sees, so a failed delete
	 * is never reported as success.  The user handle is closed
	 * whatever the outcome.
	 */
	status = samr_delete_user(&user_handle);
	(void) samr_close_handle(&user_handle);

close_domain:
	(void) samr_close_handle(&domain_handle);
free_sid:
	free(domain_sid);
close_samr:
	(void) samr_close_handle(&samr_handle);
	return (status);
}
/*
 * sam_check_user
 *
 * Check whether the current IPC user (the user specified for joining
 * this host to the domain, as returned by smb_ipc_get_user()) is
 * permitted to access the computer account account_name.
 *
 * The check is made by asking the server to open the account with the
 * rights a join needs; the handle obtained is closed immediately and
 * the account is not modified here.
 *
 * Returns NT_STATUS_OPEN_FAILED if the SAMR session cannot be opened,
 * otherwise the status of the last SAMR call made; NT_STATUS_SUCCESS
 * means the account could be opened with the requested rights.
 */
DWORD
sam_check_user(char *server, char *domain_name, char *account_name)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t account;
	struct samr_sid *domain_sid;
	/*
	 * The access mask a Win2000 client uses.  It sets these SAMR
	 * user-specific rights bits: set password, set attributes and
	 * get attributes.
	 */
	const DWORD join_access = 0xb0;
	DWORD status;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, sizeof (user));

	if (samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
	    &samr_handle) != 0)
		return (NT_STATUS_OPEN_FAILED);

	/*
	 * NOTE(review): the SID is not checked for NULL before it is
	 * passed on; presumably samr_open_domain() rejects a NULL SID -
	 * confirm.
	 */
	domain_sid = sam_get_domain_sid(&samr_handle, server, domain_name);
	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION,
	    domain_sid, &domain_handle);
	free(domain_sid);
	if (status != NT_STATUS_SUCCESS)
		goto close_samr;

	status = samr_lookup_domain_names(&domain_handle, account_name,
	    &account);
	if (status != NT_STATUS_SUCCESS)
		goto close_domain;

	/* Only the outcome of the open matters; drop the handle at once. */
	status = samr_open_user(&domain_handle, join_access, account.a_rid,
	    &user_handle);
	if (status == NT_STATUS_SUCCESS)
		(void) samr_close_handle(&user_handle);

close_domain:
	(void) samr_close_handle(&domain_handle);
close_samr:
	(void) samr_close_handle(&samr_handle);
	return (status);
}
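/*
 * sam_delete_account
 *
 * Attempt to remove an account from the SAM database on the specified
 * server.  The SAMR session is opened as the user reported by
 * smb_ipc_get_user(), and the account is opened with
 * STANDARD_RIGHTS_EXECUTE | DELETE.
 *
 * Returns NT status codes: NT_STATUS_OPEN_FAILED if the SAMR session
 * cannot be opened, otherwise the status of the first step that failed,
 * or the result of samr_delete_user().
 */
DWORD
sam_delete_account(char *server, char *domain_name, char *account_name)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t ainfo;
	struct samr_sid *sid;
	DWORD access_mask;
	DWORD status;
	int rc;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);

	rc = samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
	    &samr_handle);
	if (rc != 0)
		return (NT_STATUS_OPEN_FAILED);

	/*
	 * NOTE(review): sid is not checked for NULL before it is passed
	 * on; presumably samr_open_domain() rejects a NULL SID - confirm.
	 */
	sid = sam_get_domain_sid(&samr_handle, server, domain_name);
	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION, sid,
	    &domain_handle);
	free(sid);
	if (status != NT_STATUS_SUCCESS) {
		(void) samr_close_handle(&samr_handle);
		return (status);
	}

	status = samr_lookup_domain_names(&domain_handle, account_name, &ainfo);
	if (status == NT_STATUS_SUCCESS) {
		access_mask = STANDARD_RIGHTS_EXECUTE | DELETE;
		status = samr_open_user(&domain_handle, access_mask,
		    ainfo.a_rid, &user_handle);
		if (status == NT_STATUS_SUCCESS) {
			/*
			 * Keep the delete result in status.  Dropping it
			 * would report success to the caller while the
			 * account is still present in the domain.
			 */
			status = samr_delete_user(&user_handle);
			/*
			 * The handle is closed only when the delete
			 * failed; presumably a successful delete already
			 * released it on the server - confirm.
			 */
			if (status != NT_STATUS_SUCCESS)
				(void) samr_close_handle(&user_handle);
		}
	}

	(void) samr_close_handle(&domain_handle);
	(void) samr_close_handle(&samr_handle);
	return (status);
}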
/*
 * mlsvc_join_rpc
 *
 * Create the machine account machine_name in the primary domain of dxi,
 * or reopen it if it already exists, using SAMR on the domain controller
 * dxi->d_dci.dc_name.  The account password is then set to machine_pw
 * and the account is flagged as a workstation trust account whose
 * password does not expire.
 *
 * The SAMR session is opened as admin_user; admin_pw is unused because
 * the caller has already done smb_ipc_set().
 *
 * Security notes:
 *  - All handles are requested with MAXIMUM_ALLOWED.
 *  - An existing account of the same name is reused and its password is
 *    overwritten.  NOTE(review): presumably the DC's access check on
 *    admin_user is the only gate on that - confirm callers expect it.
 *  - A newly created account is not removed if a later step fails.
 *  - Log messages carry only the translated NT status; machine_pw is
 *    never logged.
 *
 * Returns RPC_NT_SERVER_UNAVAILABLE if the SAMR session cannot be
 * opened, otherwise the NT status of the last SAMR/NETR call made.
 */
static DWORD
mlsvc_join_rpc(smb_domainex_t *dxi,
    char *admin_user, char *admin_pw,
    char *machine_name, char *machine_pw)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t existing;
	smb_domain_t *primary = &dxi->d_primary;
	char *dc_name = dxi->d_dci.dc_name;
	DWORD account_flags = SAMR_AF_WORKSTATION_TRUST_ACCOUNT;
	DWORD rid;
	DWORD status;

	/* The caller did smb_ipc_set(), so the password is not needed yet. */
	_NOTE(ARGUNUSED(admin_pw));

	if (samr_open(dc_name, primary->di_nbname, admin_user,
	    MAXIMUM_ALLOWED, &samr_handle) != 0) {
		syslog(LOG_NOTICE, "sam_connect to server %s failed", dc_name);
		return (RPC_NT_SERVER_UNAVAILABLE);
	}

	/* samr_handle is open from here on. */
	status = samr_open_domain(&samr_handle, MAXIMUM_ALLOWED,
	    (struct samr_sid *)primary->di_binsid, &domain_handle);
	if (status != NT_STATUS_SUCCESS)
		goto close_samr;

	/*
	 * domain_handle is open from here on.  Try to create the
	 * account; if the name is already taken, look up its RID and
	 * open the existing account instead.
	 */
	status = samr_create_user(&domain_handle, machine_name,
	    account_flags, &rid, &user_handle);
	if (status == NT_STATUS_USER_EXISTS) {
		status = samr_lookup_domain_names(&domain_handle,
		    machine_name, &existing);
		if (status != NT_STATUS_SUCCESS)
			goto close_domain;

		status = samr_open_user(&domain_handle, MAXIMUM_ALLOWED,
		    existing.a_rid, &user_handle);
	}
	if (status != NT_STATUS_SUCCESS) {
		syslog(LOG_NOTICE,
		    "smbd: failed to open machine account (%s)",
		    xlate_nt_status(status));
		goto close_domain;
	}

	/*
	 * The account exists and user_handle is open on it.
	 * Set the password, then the control flags.
	 */
	status = netr_set_user_password(&user_handle, machine_pw);
	if (status != NT_STATUS_SUCCESS) {
		syslog(LOG_NOTICE,
		    "smbd: failed to set machine account password (%s)",
		    xlate_nt_status(status));
		goto close_user;
	}

	account_flags |= SAMR_AF_DONT_EXPIRE_PASSWD;
	status = netr_set_user_control(&user_handle, account_flags);
	if (status != NT_STATUS_SUCCESS) {
		/* Falls through to the cleanup below with the failure status. */
		syslog(LOG_NOTICE,
		    "Set machine account control flags: %s",
		    xlate_nt_status(status));
	}

close_user:
	(void) samr_close_handle(&user_handle);
close_domain:
	(void) samr_close_handle(&domain_handle);
close_samr:
	(void) samr_close_handle(&samr_handle);
	return (status);
}