diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-04-23 01:04:20 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-23 01:04:20 +0000 |
| commit | 846a773bda69ecbf512f8e455e5695dbf868cda7 (patch) | |
| tree | 8d449d023229fe77d6f8938f04fb9d4071526bec | |
| parent | da6b12b93151e42aa561d8cceecdc50f7ce29eb4 (diff) | |
| download | samba-846a773bda69ecbf512f8e455e5695dbf868cda7.tar.gz samba-846a773bda69ecbf512f8e455e5695dbf868cda7.tar.bz2 samba-846a773bda69ecbf512f8e455e5695dbf868cda7.zip | |
Now that Volker fixed the real issues with ldapsam and adding null attributes
etc, move the SAMR create_user code back to using the 'pdb_init_sam_pw' method
to fill out the attributes.
This is basicly the same code, but we really didn't need the duplication.
Also, take advantage of the fact that RIDs will always be returned back into
the SAM_ACCOUNT on ADD, so we don't need to duplicate the 'get'.
This should also help in sites with replicated LDAP - the second fetch might
occour before the first is replicated back.
Andrew Bartlett
(This used to be commit 39714c24fd9da4701d4fe69ddd3d61a25254409f)
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 794fea56df..7b2cd78dc6 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2205,6 +2205,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ uint32 acc_granted; SEC_DESC *psd; size_t sd_size; + /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; /* Get the domain SID stored in the domain policy */ @@ -2290,50 +2291,26 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); } - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) { - return nt_status; - } - pw = getpwnam_alloc(account); if (pw) { - DOM_SID user_sid; - DOM_SID group_sid; - if (!uid_to_sid(&user_sid, pw->pw_uid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; - } - - if (!gid_to_sid(&group_sid, pw->pw_gid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ + nt_status = pdb_init_sam_pw(&sam_pass, pw); + passwd_free(&pw); /* done with this now */ + if (!NT_STATUS_IS_OK(nt_status)) { pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; + return nt_status; } - - passwd_free(&pw); /* done with this now */ } else { DEBUG(3,("attempting to create non-unix account %s\n", account)); + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) { + return nt_status; } if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; + } } pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); @@ -2344,15 +2321,6 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ account)); return NT_STATUS_ACCESS_DENIED; } - - pdb_reset_sam(sam_pass); - - if (!pdb_getsampwnam(sam_pass, account)) { - pdb_free_sam(&sam_pass); - DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", - account)); - return NT_STATUS_ACCESS_DENIED; - } /* Get the user's SID */ sid_copy(&sid, pdb_get_user_sid(sam_pass)); |