author | Andrew Bartlett <abartlet@samba.org> | 2011-08-11 15:46:26 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-13 12:30:49 +1000 |
commit | 2993113a56032be89272a626a7ef4c436d73080a (patch) | |
tree | f34b8d5a77f3148232ed4b136067ea4134480e07 | |
parent | add8505fde9d178b3a0dbb71a207485cdb8fc161 (diff) | |
s4-dsdb Add ability to force a particular SID in the upgrade case
-rw-r--r-- | source3/passdb/pdb_samba4.c | 3 | ||||
-rw-r--r-- | source4/dsdb/common/util_samr.c | 17 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 3 |
3 files changed, 20 insertions, 3 deletions
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index 5848c23de8..aa3352a658 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -580,7 +580,8 @@ static NTSTATUS pdb_samba4_create_user(struct pdb_methods *m,
 /* Internally this uses transactions to ensure all the steps
 * happen or fail as one */
- status = dsdb_add_user(state->ldb, tmp_ctx, name, acct_flags, &sid, &dn);
+ status = dsdb_add_user(state->ldb, tmp_ctx, name, acct_flags, NULL,
+ &sid, &dn);
 if (!NT_STATUS_IS_OK(status)) {
 talloc_free(tmp_ctx);
 return status;
diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index 83a8c385af..3ce8d76018 100644
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -36,6 +36,7 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 TALLOC_CTX *mem_ctx,
 const char *account_name,
 uint32_t acct_flags,
+ const struct dom_sid *forced_sid,
 struct dom_sid **sid,
 struct ldb_dn **dn)
 {
@@ -143,6 +144,18 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 ldb_msg_add_string(msg, "sAMAccountName", account_name);
 ldb_msg_add_string(msg, "objectClass", obj_class);
+ /* This is only here for migrations using pdb_samba4, the
+ * caller and the samldb are responsible for ensuring it makes
+ * sense */
+ if (forced_sid) {
+ ret = samdb_msg_add_dom_sid(ldb, msg, msg, "objectSID", forced_sid);
+ if (ret != LDB_SUCCESS) {
+ ldb_transaction_cancel(ldb);
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
 /* create the user */
 ret = ldb_add(ldb, msg);
 switch (ret) {
@@ -244,7 +257,9 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
 *dn = talloc_steal(mem_ctx, account_dn);
- *sid = talloc_steal(mem_ctx, account_sid);
+ if (sid) {
+ *sid = talloc_steal(mem_ctx, account_sid);
+ }
 talloc_free(tmp_ctx);
 return NT_STATUS_OK;
 }
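Review bot: The new `forced_sid` branch in `dsdb_add_user` (source4/dsdb/common/util_samr.c, hunk at -143) puts a caller-chosen objectSID into the add message without checking here that the SID lies in the local domain or that its RID is free; the inline comment defers that to the caller and samldb, neither of which is visible in this diff. Both call sites touched by this commit (`pdb_samba4_create_user` and `dcesrv_samr_CreateUser2`) pass `NULL`, so nothing shown lets a client choose the SID, but the trust requirement belongs in the function's header comment so a later caller does not pass a value derived from client input, e.g. `/* forced_sid: NULL for normal RID allocation; non-NULL only for trusted migration code, must be a SID in this domain */`. Separately, a failing `samdb_msg_add_dom_sid` is presumably an allocation failure, so `NT_STATUS_NO_MEMORY` may describe it better than `NT_STATUS_INTERNAL_ERROR`. The function starts and ends outside this hunk.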
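Review bot: In the last hunk of source4/dsdb/common/util_samr.c, `sid` becomes an optional out-parameter, but `*dn = talloc_steal(mem_ctx, account_dn);` on the line above is still dereferenced unconditionally, so a caller that assumes both outputs are optional would crash on a NULL `dn`. Either guard it the same way, `if (dn) { *dn = talloc_steal(mem_ctx, account_dn); }`, or say in the function comment that `dn` is required and only `sid` may be NULL. The start of `dsdb_add_user` is outside this hunk.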
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 32aafcd23f..7d062ffff4 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1205,7 +1205,8 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
 return NT_STATUS_INVALID_PARAMETER;
 }
- status = dsdb_add_user(d_state->sam_ctx, mem_ctx, account_name, r->in.acct_flags, &sid, &dn);
+ status = dsdb_add_user(d_state->sam_ctx, mem_ctx, account_name, r->in.acct_flags, NULL,
+ &sid, &dn);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 } |