authorAndrew Bartlett <abartlet@samba.org>2003-04-23 01:04:20 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-23 01:04:20 +0000
commit846a773bda69ecbf512f8e455e5695dbf868cda7 (patch)
tree8d449d023229fe77d6f8938f04fb9d4071526bec
parentda6b12b93151e42aa561d8cceecdc50f7ce29eb4 (diff)
Now that Volker fixed the real issues with ldapsam and adding null attributes
etc, move the SAMR create_user code back to using the 'pdb_init_sam_pw' method to fill out the attributes. This is basically the same code, but we really didn't need the duplication. Also, take advantage of the fact that RIDs will always be returned back into the SAM_ACCOUNT on ADD, so we don't need to duplicate the 'get'. This should also help in sites with replicated LDAP - the second fetch might occur before the first is replicated back. Andrew Bartlett (This used to be commit 39714c24fd9da4701d4fe69ddd3d61a25254409f)
-rw-r--r--source3/rpc_server/srv_samr_nt.c48
1 files changed, 8 insertions, 40 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 794fea56df..7b2cd78dc6 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2205,6 +2205,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
uint32 acc_granted;
SEC_DESC *psd;
size_t sd_size;
+ /* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
/* Get the domain SID stored in the domain policy */
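Review bot: The added comment does not say what has to be checked or why, so the next reader is likely to skip it. `des_access` is initialised to `GENERIC_RIGHTS_USER_ALL_ACCESS` on the following line; how the mask is used is outside the hunk, but if it is what the creating caller ends up being granted, delegating machine-account creation to non-administrators would give them full rights on the new account. I would make it an explicit marker, for example `/* FIXME: des_access is USER_ALL_ACCESS for every creator; narrow this before 'add computer to domain' is delegated to non-admin users */`.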
@@ -2290,50 +2291,26 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
}
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) {
- return nt_status;
- }
-
pw = getpwnam_alloc(account);
if (pw) {
- DOM_SID user_sid;
- DOM_SID group_sid;
- if (!uid_to_sid(&user_sid, pw->pw_uid)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!gid_to_sid(&group_sid, pw->pw_gid)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) {
- passwd_free(&pw); /* done with this now */
+ nt_status = pdb_init_sam_pw(&sam_pass, pw);
+ passwd_free(&pw); /* done with this now */
+ if (!NT_STATUS_IS_OK(nt_status)) {
pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_MEMORY;
+ return nt_status;
}
-
- passwd_free(&pw); /* done with this now */
} else {
DEBUG(3,("attempting to create non-unix account %s\n", account));
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) {
+ return nt_status;
}
if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
+ }
}
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
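Review bot: The two branches clean up differently when initialisation fails: after `pdb_init_sam_pw(&sam_pass, pw)` fails the code calls `pdb_free_sam(&sam_pass)`, while after `pdb_init_sam(&sam_pass)` fails it returns directly. Whether the free in the first branch is safe depends on what pdb_init_sam_pw leaves in sam_pass on error and on how sam_pass is initialised, and neither is visible in this hunk. If the helper already releases the account or never sets the pointer, this frees a NULL or stale pointer in a handler that remote clients can drive. Either state the contract next to the call, e.g. `/* pdb_init_sam_pw() leaves sam_pass NULL on failure and pdb_free_sam() accepts NULL */`, or drop the free so both branches read the same. The body of _api_samr_create_user starts and ends outside the hunk.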
@@ -2344,15 +2321,6 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
account));
return NT_STATUS_ACCESS_DENIED;
}
-
- pdb_reset_sam(sam_pass);
-
- if (!pdb_getsampwnam(sam_pass, account)) {
- pdb_free_sam(&sam_pass);
- DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n",
- account));
- return NT_STATUS_ACCESS_DENIED;
- }
/* Get the user's SID */
sid_copy(&sid, pdb_get_user_sid(sam_pass));