Nice *big* patch from metze.

The actual design change is relitivly small however:

It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT.  This ensured that smb.conf defaults did not get 'fixed' into
ldap.  This was a great win for admins, and this patch follows in the same way.

This patch extends the concept - we don't store values back into LDAP unless
they have been changed.  So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value.  This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.

Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild.  Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.

This also applies to many other attributes, and helps to eliminate a nasty
race condition.  (Time between get and set)

This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).

The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.

Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)

1 files changed, 10 insertions, 10 deletions

diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 257b5fa2aa..94a562fc36 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1204,16 +1204,16 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
 	    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
 	    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
 
-		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
+		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
 
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
 		   
 		   This was down the bottom for machines, but it looks pretty good as
 		   a general default for non-unix users. --abartlet 2002-01-08
 		*/
-		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
-		pdb_set_username (sam_pass, pw_buf->smb_name);
-		pdb_set_domain (sam_pass, lp_workgroup());
+		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
+		pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
+		pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
 	} else {
 
 		pwfile = getpwnam_alloc(pw_buf->smb_name);
@@ -1229,18 +1229,18 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
 		passwd_free(&pwfile);
 	}
 	
-	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
-	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);			
-	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
-	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
-	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
+	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);			
+	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
+	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
+	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
 	
 #if 0	/* JERRY */
 	/* the smbpasswd format doesn't have a must change time field, so
 	   we can't get this right. The best we can do is to set this to 
 	   some time in the future. 21 days seems as reasonable as any other value :) 
 	*/
-	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
 #endif
 	return True;
 }