185
PCWSTR pwszMachineName,
186
PCWSTR pwszDomainName,
187
PCWSTR pwszAccountName,
192
DWORD dwError = ERROR_SUCCESS;
193
NTSTATUS ntStatus = STATUS_SUCCESS;
194
HANDLE hStore = (HANDLE)NULL;
195
PLWPS_PASSWORD_INFO pPassInfo = NULL;
196
PSTR pszLocalname = NULL;
197
PWSTR pwszDCName = NULL;
198
PWSTR pwszMachine = NULL;
199
PIO_CREDS pCreds = NULL;
200
size_t sMachinePasswordLen = 0;
202
BAIL_ON_INVALID_POINTER(pwszMachineName);
203
BAIL_ON_INVALID_POINTER(pwszDomainName);
205
dwError = LwAllocateWc16String(&pwszMachine,
207
BAIL_ON_LSA_ERROR(dwError);
209
dwError = LsaGetHostInfo(&pszLocalname);
210
BAIL_ON_LSA_ERROR(dwError);
212
dwError = LsaGetRwDcName(pwszDomainName,
215
BAIL_ON_LSA_ERROR(dwError);
217
ntStatus = LwpsOpenPasswordStore(LWPS_PASSWORD_STORE_DEFAULT,
219
BAIL_ON_NT_STATUS(ntStatus);
221
ntStatus = LwpsGetPasswordByHostName(hStore,
224
BAIL_ON_NT_STATUS(ntStatus);
226
/* disable the account only if requested */
227
if (dwUnjoinFlags & LSAJOIN_ACCT_DELETE)
229
if (pwszAccountName && pwszPassword)
231
ntStatus = LwIoCreatePlainCredsW(pwszAccountName,
235
BAIL_ON_NT_STATUS(ntStatus);
239
ntStatus = LwIoGetActiveCreds(NULL,
241
BAIL_ON_NT_STATUS(ntStatus);
244
ntStatus = LsaDisableMachineAccount(pwszDCName,
246
pPassInfo->pwszMachineAccount,
248
BAIL_ON_NT_STATUS(ntStatus);
251
dwError = LwWc16sLen(pPassInfo->pwszMachinePassword,
252
&sMachinePasswordLen);
253
BAIL_ON_LSA_ERROR(dwError);
255
/* zero the machine password */
256
memset(pPassInfo->pwszMachinePassword,
258
sMachinePasswordLen);
260
pPassInfo->last_change_time = time(NULL);
262
ntStatus = LwpsWritePasswordToAllStores(pPassInfo);
263
BAIL_ON_NT_STATUS(ntStatus);
266
LW_SAFE_FREE_MEMORY(pszLocalname);
267
LW_SAFE_FREE_MEMORY(pwszDCName);
268
LW_SAFE_FREE_MEMORY(pwszMachine);
272
LwpsFreePasswordInfo(hStore, pPassInfo);
275
if (hStore != (HANDLE)NULL)
277
LwpsClosePasswordStore(hStore);
282
LwIoDeleteCreds(pCreds);
285
if (dwError == ERROR_SUCCESS &&
286
ntStatus != STATUS_SUCCESS)
288
dwError = NtStatusToWin32Error(ntStatus);
303
DWORD dwError = ERROR_SUCCESS;
304
NTSTATUS ntStatus = STATUS_SUCCESS;
305
CHAR szBuffer[256] = {0};
306
PSTR pszLocal = NULL;
309
PSTR pszHostname = NULL;
311
*ppszHostname = NULL;
313
if (gethostname(szBuffer, sizeof(szBuffer)) != 0)
315
dwError = LwErrnoToWin32Error(errno);
316
BAIL_ON_LSA_ERROR(dwError);
319
len = strlen(szBuffer);
320
if (len > strlen(".local"))
322
pszLocal = &szBuffer[len - strlen(".local")];
323
if (!strcasecmp(pszLocal, ".local"))
329
/* Test to see if the name is still dotted. If so we will chop it down to
330
just the hostname field. */
331
pszDot = strchr(szBuffer, '.');
337
len = strlen(szBuffer) + 1;
338
ntStatus = LwAllocateMemory(len,
339
OUT_PPVOID(&pszHostname));
340
BAIL_ON_NT_STATUS(ntStatus);
342
memcpy((void *)pszHostname, szBuffer, len);
346
*ppszHostname = pszHostname;
351
LW_SAFE_FREE_MEMORY(pszHostname);
353
if (dwError == ERROR_SUCCESS &&
354
ntStatus != STATUS_SUCCESS)
356
dwError = LwNtStatusToWin32Error(ntStatus);
368
LsaDisableMachineAccount(
371
PWSTR pwszMachineAccountName,
375
const DWORD dwConnAccess = SAMR_ACCESS_OPEN_DOMAIN |
376
SAMR_ACCESS_ENUM_DOMAINS;
378
const DWORD dwDomainAccess = DOMAIN_ACCESS_ENUM_ACCOUNTS |
379
DOMAIN_ACCESS_OPEN_ACCOUNT |
380
DOMAIN_ACCESS_LOOKUP_INFO_2;
382
const DWORD dwUserAccess = USER_ACCESS_GET_ATTRIBUTES |
383
USER_ACCESS_SET_ATTRIBUTES |
384
USER_ACCESS_SET_PASSWORD;
386
NTSTATUS ntStatus = STATUS_SUCCESS;
387
DWORD dwError = ERROR_SUCCESS;
388
SAMR_BINDING hSamrBinding = NULL;
389
CONNECT_HANDLE hConnect = NULL;
390
PSID pBuiltinSid = NULL;
393
PWSTR *ppwszDomainNames = NULL;
395
DWORD dwNumEntries = 0;
397
PSID pDomainSid = NULL;
398
DOMAIN_HANDLE hDomain = NULL;
399
PDWORD pdwRids = NULL;
400
PDWORD pdwTypes = NULL;
401
ACCOUNT_HANDLE hUser = NULL;
403
UserInfo *pInfo = NULL;
404
DWORD dwFlagsDisable = 0;
407
memset(&Info, 0, sizeof(Info));
409
ntStatus = SamrInitBindingDefault(&hSamrBinding,
412
BAIL_ON_NT_STATUS(ntStatus);
414
ntStatus = SamrConnect2(hSamrBinding,
418
BAIL_ON_NT_STATUS(ntStatus);
420
dwError = LwCreateWellKnownSid(WinBuiltinDomainSid,
424
BAIL_ON_LSA_ERROR(dwError);
428
ntStatus = SamrEnumDomains(hSamrBinding,
434
BAIL_ON_NT_STATUS(ntStatus);
436
if (ntStatus != STATUS_SUCCESS &&
437
ntStatus != STATUS_MORE_ENTRIES)
439
BAIL_ON_NT_STATUS(ntStatus);
442
for (i = 0; pDomainSid == NULL && i < dwNumEntries; i++)
444
ntStatus = SamrLookupDomain(hSamrBinding,
448
BAIL_ON_NT_STATUS(ntStatus);
450
if (!RtlEqualSid(pSid, pBuiltinSid))
452
ntStatus = RtlDuplicateSid(&pDomainSid, pSid);
453
BAIL_ON_NT_STATUS(ntStatus);
458
SamrFreeMemory(pSid);
463
if (ppwszDomainNames)
465
SamrFreeMemory(ppwszDomainNames);
466
ppwszDomainNames = NULL;
469
while (ntStatus == STATUS_MORE_ENTRIES);
471
ntStatus = SamrOpenDomain(hSamrBinding,
476
BAIL_ON_NT_STATUS(ntStatus);
478
ntStatus = SamrLookupNames(hSamrBinding,
481
&pwszMachineAccountName,
485
if (ntStatus == STATUS_NONE_MAPPED)
487
BAIL_ON_LSA_ERROR(NERR_SetupAlreadyJoined);
490
ntStatus = SamrOpenUser(hSamrBinding,
495
BAIL_ON_NT_STATUS(ntStatus);
499
ntStatus = SamrQueryUserInfo(hSamrBinding,
503
BAIL_ON_NT_STATUS(ntStatus);
505
dwFlagsDisable = pInfo->info16.account_flags | ACB_DISABLED;
507
Info.info16.account_flags = dwFlagsDisable;
508
ntStatus = SamrSetUserInfo2(hSamrBinding,
512
BAIL_ON_NT_STATUS(ntStatus);
515
if (hSamrBinding && hUser)
517
SamrClose(hSamrBinding, hUser);
520
if (hSamrBinding && hDomain)
522
SamrClose(hSamrBinding, hDomain);
525
if (hSamrBinding && hConnect)
527
SamrClose(hSamrBinding, hConnect);
532
SamrFreeBinding(&hSamrBinding);
537
SamrFreeMemory(pInfo);
542
SamrFreeMemory(pdwRids);
547
SamrFreeMemory(pdwTypes);
550
if (ppwszDomainNames)
552
SamrFreeMemory(ppwszDomainNames);
555
LW_SAFE_FREE_MEMORY(pBuiltinSid);
163
565
LsaDisableDomainGroupMembership(