From d1272f907d044d3f34250a9a4ac8a9acc69ea55e Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Sat, 16 May 2009 01:22:28 +0200 Subject: [PATCH] s3-privileges: add privilege_delete_account(). Guenther (cherry picked from commit dccecdf33850ec4d763b8b0e7ba7be7a8eb873de) (cherry picked from commit e3be289df092f3b16bdd06904cd543920e3da307) --- source3/include/proto.h | 1 + source3/lib/privileges.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 99cd1aa94f2..5d81c761608 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -604,6 +604,7 @@ bool revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask); bool revoke_all_privileges( DOM_SID *sid ); bool revoke_privilege_by_name(DOM_SID *sid, const char *name); NTSTATUS privilege_create_account(const DOM_SID *sid ); +NTSTATUS privilege_delete_account(const struct dom_sid *sid); NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set); NTSTATUS privilege_set_init_by_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set); void privilege_set_free(PRIVILEGE_SET *priv_set); diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b3574da858d..c8be360dc64 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -359,6 +359,34 @@ NTSTATUS privilege_create_account(const DOM_SID *sid ) return ( grant_privilege(sid, &se_priv_none) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL); } +/*************************************************************************** + Delete a privileged account +****************************************************************************/ + +NTSTATUS privilege_delete_account(const struct dom_sid *sid) +{ + struct db_context *db = get_account_pol_db(); + fstring tmp, keystr; + + if (!lp_enable_privileges()) { + return NT_STATUS_OK; + } + + if (!db) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!sid || (sid->num_auths == 0)) { + return NT_STATUS_INVALID_SID; + } + + /* PRIV_ (NULL terminated) as the key */ + + fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid)); + + return dbwrap_delete_bystring(db, keystr); +} + /**************************************************************************** initialise a privilege list and set the talloc context ****************************************************************************/ -- 2.11.4.GIT