diff options
author | Gerald Carter <jerry@samba.org> | 2005-04-21 17:13:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:41 -0500 |
commit | 57eb9f47d058cc3c841aca11404bae2fed5367e4 (patch) | |
tree | 78a9b8f22907e1e2e56e44786ca40cce1a85e1ca | |
parent | d0a0930485508da9d3bd2ee2e37c3cc15896940e (diff) | |
download | samba-57eb9f47d058cc3c841aca11404bae2fed5367e4.tar.gz samba-57eb9f47d058cc3c841aca11404bae2fed5367e4.tar.bz2 samba-57eb9f47d058cc3c841aca11404bae2fed5367e4.zip |
r6421: use add machine script when creating a user (ACB_NORMAL)
who has a name ending in '$' (usrmgr.exe does this for
domain trusts (that's was jfm's original comment I think).
avoid an assert() call in libldap.
(This used to be commit 0ac57ae94202190ddbe538f7180a0443463b48cf)
-rw-r--r-- | source3/passdb/pdb_ldap.c | 3 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 04929314f0..7d66b0aaf0 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -3423,7 +3423,8 @@ static BOOL ldapsam_search_firstpage(struct pdb_search *search) state->connection->paged_results = False; } - state->current_entry = ldap_first_entry(ld, state->entries); + if ( ld ) + state->current_entry = ldap_first_entry(ld, state->entries); if (state->current_entry == NULL) { ldap_msgfree(state->entries); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index fe54476cc9..89cb49c05c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1985,13 +1985,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA se_priv_copy( &se_rights, &se_machine_account ); can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); } - else if ( acb_info & ACB_NORMAL ) + /* usrmgr.exe (and net rpc trustdom grant) creates a normal user + account for domain trusts and changes the ACB flags later */ + else if ( acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$') ) { pstrcpy(add_script, lp_adduser_script()); se_priv_copy( &se_rights, &se_add_users ); can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); } - else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) + else /* implicit assumption of a BDC or domain trust account here (we already check the flags earlier) */ { pstrcpy(add_script, lp_addmachine_script()); if ( lp_enable_privileges() ) { |