← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/likewise-open/oneiric

« back to all changes in this revision

Viewing changes to lsass/join/leave.c

  • Committer: Bazaar Package Importer
  • Author(s): Scott Salley
  • Date: 2010-11-22 12:06:00 UTC
  • mfrom: (1.1.6 upstream)
  • Revision ID: james.westby@ubuntu.com-20101122120600-8lba1fpceot71wlb
Tags: 6.0.0.53010-1
Likewise Open 6.0

Show diffs side-by-side

added added

removed removed

Lines of Context:
lsass/join/leave.c
46
46
 */
47
47
#include "includes.h"
48
48
 
49
 
DWORD
50
 
LsaNetLeaveDomain(
 
49
 
 
50
static
 
51
NTSTATUS
 
52
LsaDisableMachineAccount(
 
53
    PWSTR          pwszDCName,
 
54
    LW_PIO_CREDS   pCreds,
 
55
    PWSTR          pwszMachineAccountName,
 
56
    DWORD          dwUnjoinFlags
 
57
    );
 
58
 
 
59
 
 
60
static
 
61
DWORD
 
62
LsaUnjoinDomain(
 
63
    PCWSTR  pwszMachineName,
 
64
    PCWSTR  pwszDomainName,
 
65
    PCWSTR  pwszAccountName,
 
66
    PCWSTR  pwszPassword,
 
67
    DWORD   dwUnjoinFlags
 
68
    );
 
69
 
 
70
 
 
71
DWORD
 
72
LsaLeaveDomain(
51
73
    PCSTR pszUsername,
52
74
    PCSTR pszPassword
53
75
    )
57
79
    PSTR  pszHostname = NULL;
58
80
    PWSTR pwszHostname = NULL;
59
81
    PWSTR pwszDnsDomainName = NULL;
60
 
    DWORD dwOptions = (NETSETUP_ACCT_DELETE);
 
82
    DWORD dwOptions = LSAJOIN_ACCT_DELETE;
61
83
    PLWPS_PASSWORD_INFO pPassInfo = NULL;
62
84
    PLSA_MACHINE_ACCT_INFO pAcct = NULL;
63
85
    PLSA_CREDS_FREE_INFO pAccessInfo = NULL;
64
86
 
65
87
    if (geteuid() != 0) {
66
 
        dwError = EACCES;
 
88
        dwError = LW_ERROR_ACCESS_DENIED;
67
89
        BAIL_ON_LSA_ERROR(dwError);
68
90
    }
69
91
 
93
115
 
94
116
    if (!LW_IS_NULL_OR_EMPTY_STR(pAcct->pszDnsDomainName))
95
117
    {
96
 
        dwError = LsaMbsToWc16s(
 
118
        dwError = LwMbsToWc16s(
97
119
                    pAcct->pszDnsDomainName,
98
120
                    &pwszDnsDomainName);
99
121
        BAIL_ON_LSA_ERROR(dwError);
100
122
    }
101
123
 
102
 
    dwError = LsaMbsToWc16s(
 
124
    dwError = LwMbsToWc16s(
103
125
                    pszHostname,
104
126
                    &pwszHostname);
105
127
    BAIL_ON_LSA_ERROR(dwError);
112
134
                    pszUsername,
113
135
                    pszPassword,
114
136
                    TRUE,
115
 
                    &pAccessInfo,
116
 
                    NULL);
 
137
                    &pAccessInfo);
117
138
        BAIL_ON_LSA_ERROR(dwError);
118
139
 
119
 
        dwError = Win32ErrorToErrno(
120
 
            NetUnjoinDomainLocal(
121
 
                pwszHostname,
122
 
                pwszDnsDomainName,
123
 
                NULL,
124
 
                NULL,
125
 
                dwOptions));
 
140
        dwError = LsaUnjoinDomain(
 
141
                    pwszHostname,
 
142
                    pwszDnsDomainName,
 
143
                    NULL,
 
144
                    NULL,
 
145
                    dwOptions);
126
146
        BAIL_ON_LSA_ERROR(dwError);
127
147
    }
128
148
 
159
179
}
160
180
 
161
181
 
 
182
static
 
183
DWORD
 
184
LsaUnjoinDomain(
 
185
    PCWSTR  pwszMachineName,
 
186
    PCWSTR  pwszDomainName,
 
187
    PCWSTR  pwszAccountName,
 
188
    PCWSTR  pwszPassword,
 
189
    DWORD   dwUnjoinFlags
 
190
    )
 
191
{
 
192
    DWORD dwError = ERROR_SUCCESS;
 
193
    NTSTATUS ntStatus = STATUS_SUCCESS;
 
194
    HANDLE hStore = (HANDLE)NULL;
 
195
    PLWPS_PASSWORD_INFO pPassInfo = NULL;
 
196
    PSTR pszLocalname = NULL;
 
197
    PWSTR pwszDCName = NULL;
 
198
    PWSTR pwszMachine = NULL;
 
199
    PIO_CREDS pCreds = NULL;
 
200
    size_t sMachinePasswordLen = 0;
 
201
 
 
202
    BAIL_ON_INVALID_POINTER(pwszMachineName);
 
203
    BAIL_ON_INVALID_POINTER(pwszDomainName);
 
204
 
 
205
    dwError = LwAllocateWc16String(&pwszMachine,
 
206
                                   pwszMachineName);
 
207
    BAIL_ON_LSA_ERROR(dwError);
 
208
 
 
209
    dwError = LsaGetHostInfo(&pszLocalname);
 
210
    BAIL_ON_LSA_ERROR(dwError);
 
211
 
 
212
    dwError = LsaGetRwDcName(pwszDomainName,
 
213
                             FALSE,
 
214
                             &pwszDCName);
 
215
    BAIL_ON_LSA_ERROR(dwError);
 
216
 
 
217
    ntStatus = LwpsOpenPasswordStore(LWPS_PASSWORD_STORE_DEFAULT,
 
218
                                     &hStore);
 
219
    BAIL_ON_NT_STATUS(ntStatus);
 
220
 
 
221
    ntStatus = LwpsGetPasswordByHostName(hStore,
 
222
                                         pszLocalname,
 
223
                                         &pPassInfo);
 
224
    BAIL_ON_NT_STATUS(ntStatus);
 
225
 
 
226
    /* disable the account only if requested */
 
227
    if (dwUnjoinFlags & LSAJOIN_ACCT_DELETE)
 
228
    {
 
229
        if (pwszAccountName && pwszPassword)
 
230
        {
 
231
            ntStatus = LwIoCreatePlainCredsW(pwszAccountName,
 
232
                                             pwszDomainName,
 
233
                                             pwszPassword,
 
234
                                             &pCreds);
 
235
            BAIL_ON_NT_STATUS(ntStatus);
 
236
        }
 
237
        else
 
238
        {
 
239
            ntStatus = LwIoGetActiveCreds(NULL,
 
240
                                          &pCreds);
 
241
            BAIL_ON_NT_STATUS(ntStatus);
 
242
        }
 
243
 
 
244
        ntStatus = LsaDisableMachineAccount(pwszDCName,
 
245
                                            pCreds,
 
246
                                            pPassInfo->pwszMachineAccount,
 
247
                                            dwUnjoinFlags);
 
248
        BAIL_ON_NT_STATUS(ntStatus);
 
249
    }
 
250
 
 
251
    dwError = LwWc16sLen(pPassInfo->pwszMachinePassword,
 
252
                         &sMachinePasswordLen);
 
253
    BAIL_ON_LSA_ERROR(dwError);
 
254
 
 
255
    /* zero the machine password */
 
256
    memset(pPassInfo->pwszMachinePassword,
 
257
           0,
 
258
           sMachinePasswordLen);
 
259
 
 
260
    pPassInfo->last_change_time = time(NULL);
 
261
 
 
262
    ntStatus = LwpsWritePasswordToAllStores(pPassInfo);
 
263
    BAIL_ON_NT_STATUS(ntStatus);
 
264
 
 
265
cleanup:
 
266
    LW_SAFE_FREE_MEMORY(pszLocalname);
 
267
    LW_SAFE_FREE_MEMORY(pwszDCName);
 
268
    LW_SAFE_FREE_MEMORY(pwszMachine);
 
269
 
 
270
    if (pPassInfo)
 
271
    {
 
272
        LwpsFreePasswordInfo(hStore, pPassInfo);
 
273
    }
 
274
 
 
275
    if (hStore != (HANDLE)NULL)
 
276
    {
 
277
        LwpsClosePasswordStore(hStore);
 
278
    }
 
279
 
 
280
    if (pCreds)
 
281
    {
 
282
        LwIoDeleteCreds(pCreds);
 
283
    }
 
284
 
 
285
    if (dwError == ERROR_SUCCESS &&
 
286
        ntStatus != STATUS_SUCCESS)
 
287
    {
 
288
        dwError = NtStatusToWin32Error(ntStatus);
 
289
    }
 
290
 
 
291
    return dwError;
 
292
 
 
293
error:
 
294
    goto cleanup;
 
295
}
 
296
 
 
297
 
 
298
DWORD
 
299
LsaGetHostInfo(
 
300
    PSTR* ppszHostname
 
301
    )
 
302
{
 
303
    DWORD dwError = ERROR_SUCCESS;
 
304
    NTSTATUS ntStatus = STATUS_SUCCESS;
 
305
    CHAR szBuffer[256] = {0};
 
306
    PSTR pszLocal = NULL;
 
307
    PSTR pszDot = NULL;
 
308
    size_t len = 0;
 
309
    PSTR pszHostname = NULL;
 
310
 
 
311
    *ppszHostname = NULL;
 
312
 
 
313
    if (gethostname(szBuffer, sizeof(szBuffer)) != 0)
 
314
    {
 
315
        dwError = LwErrnoToWin32Error(errno);
 
316
        BAIL_ON_LSA_ERROR(dwError);
 
317
    }
 
318
 
 
319
    len = strlen(szBuffer);
 
320
    if (len > strlen(".local"))
 
321
    {
 
322
        pszLocal = &szBuffer[len - strlen(".local")];
 
323
        if (!strcasecmp(pszLocal, ".local"))
 
324
        {
 
325
            pszLocal[0] = '\0';
 
326
        }
 
327
    }
 
328
 
 
329
    /* Test to see if the name is still dotted. If so we will chop it down to
 
330
       just the hostname field. */
 
331
    pszDot = strchr(szBuffer, '.');
 
332
    if ( pszDot )
 
333
    {
 
334
        pszDot[0] = '\0';
 
335
    }
 
336
 
 
337
    len = strlen(szBuffer) + 1;
 
338
    ntStatus = LwAllocateMemory(len,
 
339
                                OUT_PPVOID(&pszHostname));
 
340
    BAIL_ON_NT_STATUS(ntStatus);
 
341
 
 
342
    memcpy((void *)pszHostname, szBuffer, len);
 
343
 
 
344
    if (ppszHostname)
 
345
    {
 
346
        *ppszHostname = pszHostname;
 
347
        pszHostname = NULL;
 
348
    }
 
349
 
 
350
cleanup:
 
351
    LW_SAFE_FREE_MEMORY(pszHostname);
 
352
 
 
353
    if (dwError == ERROR_SUCCESS &&
 
354
        ntStatus != STATUS_SUCCESS)
 
355
    {
 
356
        dwError = LwNtStatusToWin32Error(ntStatus);
 
357
    }
 
358
 
 
359
    return dwError;
 
360
 
 
361
error:
 
362
    goto cleanup;
 
363
}
 
364
 
 
365
 
 
366
static
 
367
NTSTATUS
 
368
LsaDisableMachineAccount(
 
369
    PWSTR          pwszDCName,
 
370
    LW_PIO_CREDS   pCreds,
 
371
    PWSTR          pwszMachineAccountName,
 
372
    DWORD          dwUnjoinFlags
 
373
    )
 
374
{
 
375
    const DWORD dwConnAccess = SAMR_ACCESS_OPEN_DOMAIN |
 
376
                               SAMR_ACCESS_ENUM_DOMAINS;
 
377
 
 
378
    const DWORD dwDomainAccess = DOMAIN_ACCESS_ENUM_ACCOUNTS |
 
379
                                 DOMAIN_ACCESS_OPEN_ACCOUNT |
 
380
                                 DOMAIN_ACCESS_LOOKUP_INFO_2;
 
381
 
 
382
    const DWORD dwUserAccess = USER_ACCESS_GET_ATTRIBUTES |
 
383
                               USER_ACCESS_SET_ATTRIBUTES |
 
384
                               USER_ACCESS_SET_PASSWORD;
 
385
 
 
386
    NTSTATUS ntStatus = STATUS_SUCCESS;
 
387
    DWORD dwError = ERROR_SUCCESS;
 
388
    SAMR_BINDING hSamrBinding = NULL;
 
389
    CONNECT_HANDLE hConnect = NULL;
 
390
    PSID pBuiltinSid = NULL;
 
391
    DWORD dwResume = 0;
 
392
    DWORD dwSize = 256;
 
393
    PWSTR *ppwszDomainNames = NULL;
 
394
    DWORD i = 0;
 
395
    DWORD dwNumEntries = 0;
 
396
    PSID pSid = NULL;
 
397
    PSID pDomainSid = NULL;
 
398
    DOMAIN_HANDLE hDomain = NULL;
 
399
    PDWORD pdwRids = NULL;
 
400
    PDWORD pdwTypes = NULL;
 
401
    ACCOUNT_HANDLE hUser = NULL;
 
402
    DWORD dwLevel = 0;
 
403
    UserInfo *pInfo = NULL;
 
404
    DWORD dwFlagsDisable = 0;
 
405
    UserInfo Info;
 
406
 
 
407
    memset(&Info, 0, sizeof(Info));
 
408
 
 
409
    ntStatus = SamrInitBindingDefault(&hSamrBinding,
 
410
                                      pwszDCName,
 
411
                                      pCreds);
 
412
    BAIL_ON_NT_STATUS(ntStatus);
 
413
 
 
414
    ntStatus = SamrConnect2(hSamrBinding,
 
415
                            pwszDCName,
 
416
                            dwConnAccess,
 
417
                            &hConnect);
 
418
    BAIL_ON_NT_STATUS(ntStatus);
 
419
 
 
420
    dwError = LwCreateWellKnownSid(WinBuiltinDomainSid,
 
421
                                   NULL,
 
422
                                   &pBuiltinSid,
 
423
                                   NULL);
 
424
    BAIL_ON_LSA_ERROR(dwError);
 
425
 
 
426
    do
 
427
    {
 
428
        ntStatus = SamrEnumDomains(hSamrBinding,
 
429
                                   hConnect,
 
430
                                   &dwResume,
 
431
                                   dwSize,
 
432
                                   &ppwszDomainNames,
 
433
                                   &dwNumEntries);
 
434
        BAIL_ON_NT_STATUS(ntStatus);
 
435
 
 
436
        if (ntStatus != STATUS_SUCCESS &&
 
437
            ntStatus != STATUS_MORE_ENTRIES)
 
438
        {
 
439
            BAIL_ON_NT_STATUS(ntStatus);
 
440
        }
 
441
 
 
442
        for (i = 0; pDomainSid == NULL && i < dwNumEntries; i++)
 
443
        {
 
444
            ntStatus = SamrLookupDomain(hSamrBinding,
 
445
                                        hConnect,
 
446
                                        ppwszDomainNames[i],
 
447
                                        &pSid);
 
448
            BAIL_ON_NT_STATUS(ntStatus);
 
449
 
 
450
            if (!RtlEqualSid(pSid, pBuiltinSid))
 
451
            {
 
452
                ntStatus = RtlDuplicateSid(&pDomainSid, pSid);
 
453
                BAIL_ON_NT_STATUS(ntStatus);
 
454
            }
 
455
 
 
456
            if (pSid)
 
457
            {
 
458
                SamrFreeMemory(pSid);
 
459
                pSid = NULL;
 
460
            }
 
461
        }
 
462
 
 
463
        if (ppwszDomainNames)
 
464
        {
 
465
            SamrFreeMemory(ppwszDomainNames);
 
466
            ppwszDomainNames = NULL;
 
467
        }
 
468
    }
 
469
    while (ntStatus == STATUS_MORE_ENTRIES);
 
470
 
 
471
    ntStatus = SamrOpenDomain(hSamrBinding,
 
472
                              hConnect,
 
473
                              dwDomainAccess,
 
474
                              pDomainSid,
 
475
                              &hDomain);
 
476
    BAIL_ON_NT_STATUS(ntStatus);
 
477
 
 
478
    ntStatus = SamrLookupNames(hSamrBinding,
 
479
                               hDomain,
 
480
                               1,
 
481
                               &pwszMachineAccountName,
 
482
                               &pdwRids,
 
483
                               &pdwTypes,
 
484
                               NULL);
 
485
    if (ntStatus == STATUS_NONE_MAPPED)
 
486
    {
 
487
        BAIL_ON_LSA_ERROR(NERR_SetupAlreadyJoined);
 
488
    }
 
489
 
 
490
    ntStatus = SamrOpenUser(hSamrBinding,
 
491
                            hDomain,
 
492
                            dwUserAccess,
 
493
                            pdwRids[0],
 
494
                            &hUser);
 
495
    BAIL_ON_NT_STATUS(ntStatus);
 
496
 
 
497
    dwLevel = 16;
 
498
 
 
499
    ntStatus = SamrQueryUserInfo(hSamrBinding,
 
500
                                 hUser,
 
501
                                 dwLevel,
 
502
                                 &pInfo);
 
503
    BAIL_ON_NT_STATUS(ntStatus);
 
504
 
 
505
    dwFlagsDisable = pInfo->info16.account_flags | ACB_DISABLED;
 
506
 
 
507
    Info.info16.account_flags = dwFlagsDisable;
 
508
    ntStatus = SamrSetUserInfo2(hSamrBinding,
 
509
                                hUser,
 
510
                                dwLevel,
 
511
                                &Info);
 
512
    BAIL_ON_NT_STATUS(ntStatus);
 
513
 
 
514
cleanup:
 
515
    if (hSamrBinding && hUser)
 
516
    {
 
517
        SamrClose(hSamrBinding, hUser);
 
518
    }
 
519
 
 
520
    if (hSamrBinding && hDomain)
 
521
    {
 
522
        SamrClose(hSamrBinding, hDomain);
 
523
    }
 
524
 
 
525
    if (hSamrBinding && hConnect)
 
526
    {
 
527
        SamrClose(hSamrBinding, hConnect);
 
528
    }
 
529
 
 
530
    if (hSamrBinding)
 
531
    {
 
532
        SamrFreeBinding(&hSamrBinding);
 
533
    }
 
534
 
 
535
    if (pInfo)
 
536
    {
 
537
        SamrFreeMemory(pInfo);
 
538
    }
 
539
 
 
540
    if (pdwRids)
 
541
    {
 
542
        SamrFreeMemory(pdwRids);
 
543
    }
 
544
 
 
545
    if (pdwTypes)
 
546
    {
 
547
        SamrFreeMemory(pdwTypes);
 
548
    }
 
549
 
 
550
    if (ppwszDomainNames)
 
551
    {
 
552
        SamrFreeMemory(ppwszDomainNames);
 
553
    }
 
554
 
 
555
    LW_SAFE_FREE_MEMORY(pBuiltinSid);
 
556
 
 
557
    return ntStatus;
 
558
 
 
559
error:
 
560
    goto cleanup;
 
561
}
 
562
 
 
563
 
162
564
DWORD
163
565
LsaDisableDomainGroupMembership(
164
566
    VOID