authorGerald Carter <jerry@samba.org>2003-07-16 02:20:53 +0000
committerGerald Carter <jerry@samba.org>2003-07-16 02:20:53 +0000
commita84270ce115e7fa0674c163de708333816184dca (patch)
treefbad9af11ddfae189f1dd003590f50dbb4407c47
parent6b814c9908c307abf427af37c00332de5e369eb4 (diff)
fixes for 'net rpc vampire'. I can now take a blank Samba host
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
-rw-r--r--source3/groupdb/mapping.c32
-rw-r--r--source3/nsswitch/wb_client.c35
-rw-r--r--source3/nsswitch/winbindd.c3
-rw-r--r--source3/passdb/passdb.c6
-rw-r--r--source3/utils/net_rpc_samsync.c37
5 files changed, 47 insertions, 66 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 951361f4d4..3d2af5d0ba 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -714,8 +714,10 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
- int ret;
- int fd = 0;
+ int ret = -1;
+ int fd = 0;
+
+ *new_gid = 0;
/* defer to scripts */
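Review bot: The added `*new_gid = 0;` at the top of smb_create_group dereferences the out-parameter unconditionally, so a caller that passes NULL would crash here; whether any caller does is not visible in this hunk. Either guard it, `if (new_gid) *new_gid = 0;`, or state the contract in a comment such as `/* new_gid must not be NULL; it is 0 when no gid could be determined */`. Using 0 as the "unknown" marker also deserves that comment, because 0 is a real gid (root's group) and callers must not treat it as a result. The function body continues outside the hunk.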
@@ -734,22 +736,9 @@ int smb_create_group(char *unix_group, gid_t *new_gid)
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
+
close(fd);
-
- if (*new_gid == 0) {
- /* The output was garbage. We assume nobody
- will create group 0 via smbd. Now we try to
- get the group via getgrnam. */
-
- struct group *grp = getgrnam(unix_group);
- if (grp != NULL)
- *new_gid = grp->gr_gid;
- else
- return 1;
- }
}
-
- return 0;
}
/* Try winbindd */
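Review bot: The script output is still parsed without termination or validation: `read(fd, output, sizeof(output))` can fill the whole buffer, after which `strtoul(output, NULL, 10)` scans past its end, and a non-numeric reply silently yields 0. With the garbage check removed from this branch, that 0 is only caught by the getgrnam() fallback at the end of the function. Reading at most `sizeof(output) - 1` bytes, writing `output[n] = '\0'` before the conversion, and passing an end pointer to strtoul to reject non-numeric output would close both gaps. The declaration of `output` and the start of this branch are outside the hunk.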
@@ -757,10 +746,17 @@ int smb_create_group(char *unix_group, gid_t *new_gid)
if ( winbind_create_group( unix_group, NULL ) ) {
DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
unix_group));
- return 0;
+ ret = 0;
+ }
+
+ if (*new_gid == 0) {
+ struct group *grp = getgrnam(unix_group);
+
+ if (grp != NULL)
+ *new_gid = grp->gr_gid;
}
- return -1;
+ return ret;
}
/****************************************************************************
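Review bot: smb_create_group can now return success while `*new_gid` is still 0: when `getgrnam(unix_group)` returns NULL in the new fallback block, `ret` is left untouched, so a 0 set by the winbindd branch (or possibly carried over from the script branch, which is outside this hunk) reaches the caller together with gid 0. The removed code returned 1 in that situation. A caller that trusts the out-value would then act on root's group, so the fallback should fail closed, e.g. add `else ret = -1;` after the `if (grp != NULL)` assignment.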
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 49a48074fa..7c5a8dd054 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -315,6 +315,9 @@ BOOL winbind_create_user( const char *name, uint32 *rid )
DEBUG(10,("winbind_create_user: %s\n", name));
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
/* see if the caller wants a new RID returned */
if ( rid )
@@ -323,8 +326,6 @@ BOOL winbind_create_user( const char *name, uint32 *rid )
fstrcpy( request.data.acct_mgt.username, name );
fstrcpy( request.data.acct_mgt.groupname, "" );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
if ( rid )
@@ -351,6 +352,9 @@ BOOL winbind_create_group( const char *name, uint32 *rid )
DEBUG(10,("winbind_create_group: %s\n", name));
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
/* see if the caller wants a new RID returned */
if ( rid )
@@ -358,7 +362,6 @@ BOOL winbind_create_group( const char *name, uint32 *rid )
fstrcpy( request.data.acct_mgt.groupname, name );
- ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
@@ -384,14 +387,15 @@ BOOL winbind_add_user_to_group( const char *user, const char *group )
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
@@ -413,12 +417,12 @@ BOOL winbind_remove_user_from_group( const char *user, const char *group )
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
user, group));
- fstrcpy( request.data.acct_mgt.username, user );
- fstrcpy( request.data.acct_mgt.groupname, group );
-
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
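Review bot: winbind_remove_user_from_group now sends a request with empty names: this hunk deletes both `fstrcpy( request.data.acct_mgt.username, user );` and `fstrcpy( request.data.acct_mgt.groupname, group );` while adding `ZERO_STRUCT(request)`, so the `WINBINDD_REMOVE_USER_FROM_GROUP` request carries a zeroed username and groupname. The sibling functions in this file keep their fstrcpy calls, and the old `ZERO_STRUCT(response);` is left behind as a duplicate, so it looks as if the wrong lines were removed. A removal that does not take effect leaves the user with the group's access, so restore the two fstrcpy calls after the DEBUG statement and drop the second `ZERO_STRUCT(response);`. The function continues outside the hunk.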
@@ -442,14 +446,15 @@ BOOL winbind_set_user_primary_group( const char *user, const char *group )
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
@@ -472,12 +477,13 @@ BOOL winbind_delete_user( const char *user )
if ( !user )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_delete_user: user (%s)\n", user));
fstrcpy( request.data.acct_mgt.username, user );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
return result == NSS_STATUS_SUCCESS;
@@ -499,12 +505,13 @@ BOOL winbind_delete_group( const char *group )
if ( !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_delete_group: group (%s)\n", group));
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 0336312e89..0860d701d8 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -883,9 +883,6 @@ int main(int argc, char **argv)
if (!idmap_init(lp_idmap_backend()))
return 1;
- if (!idmap_init_wellknown_sids())
- exit(1);
-
/* Unblock all signals we are interested in as they may have been
blocked by the parent process. */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 333ac8ace6..9a99e07d82 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1053,9 +1053,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
struct passwd *unix_pw;
BOOL ret;
- winbind_off();
unix_pw = sys_getpwuid( uid );
- winbind_on();
if ( !unix_pw ) {
DEBUG(4,("local_uid_to_sid: host has know idea of uid %d\n", uid));
@@ -1114,8 +1112,6 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
return False;
}
-
-
/* lookup the user account */
if ( !NT_STATUS_IS_OK(pdb_init_sam(&sampw)) ) {
@@ -1134,9 +1130,7 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
user_name = pdb_get_username(sampw);
- winbind_off();
unix_pw = sys_getpwnam( user_name );
- winbind_on();
if ( !unix_pw ) {
DEBUG(0,("local_sid_to_uid: %s found in passdb but getpwnam() return NULL!\n",
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 31535f7945..e5e9a68b2e 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -412,8 +412,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
DOM_SID user_sid;
DOM_SID group_sid;
struct passwd *passwd;
- unid_t id;
- int u_type = ID_USERID | ID_QUERY_ONLY;
fstring sid_string;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
@@ -497,19 +495,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
}
}
- if (!passwd) {
- DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account)));
- /* if no unix user, changing the mapping won't help */
- } else {
- nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
- if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) {
-
- } else {
- /* set mapping */
-
- id.uid = passwd->pw_uid;
- nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
- }
+ if ( !passwd ) {
+ DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
+ pdb_get_username(sam_account)));
}
pdb_free_sam(&sam_account);
@@ -536,21 +524,25 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
sid_to_string(sid_string, &group_sid);
if (pdb_getgrsid(&map, group_sid)) {
- grp = getgrgid(map.gid);
+ if ( map.gid != -1 )
+ grp = getgrgid(map.gid);
insert = False;
}
- if (grp == NULL)
- {
+ if (grp == NULL) {
gid_t gid;
/* No group found from mapping, find it from its name. */
if ((grp = getgrnam(name)) == NULL) {
+
/* No appropriate group found, create one */
+
d_printf("Creating unix group: '%s'\n", name);
+
if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
- if ((grp = getgrgid(gid)) == NULL)
+
+ if ((grp = getgrnam(name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
}
}
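Review bot: The new guard `if ( map.gid != -1 )` in fetch_group_info compares a gid_t with a signed literal; it works only through implicit conversion and draws sign-compare warnings where gid_t is unsigned, so write `if ( map.gid != (gid_t)-1 )`. After the switch to `getgrnam(name)`, the `gid` filled in by smb_create_group is no longer read in this block. A short comment such as `/* gid from smb_create_group may be 0 (unknown); re-resolve the group by name */` would tell the next reader why the out-value is ignored. The function starts and ends outside the hunk.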
@@ -997,11 +989,6 @@ int rpc_vampire(int argc, const char **argv)
ZERO_STRUCT(ret_creds);
- if (!idmap_init(lp_idmap_backend())) {
- d_printf("Could not init idmap\n");
- return -1;
- }
-
/* Connect to remote machine */
if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
NET_FLAGS_PDC))) {
@@ -1027,7 +1014,7 @@ int rpc_vampire(int argc, const char **argv)
goto fail;
}
- dom_sid = *get_global_sam_sid();
+ sid_copy( &dom_sid, get_global_sam_sid() );
result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid);
if (!NT_STATUS_IS_OK(result)) {