diff options
author | Gerald Carter <jerry@samba.org> | 2003-07-11 05:33:40 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-07-11 05:33:40 +0000 |
commit | 03d5867d529f126da368ebda70bf2d997aa602e0 (patch) | |
tree | 6bed479ab42b3bcbd5ac6b70157c16232ff69869 /source3/rpc_server/srv_samr_nt.c | |
parent | d117c83ca9fc1b598d09f5d24805560e9c49f65c (diff) | |
download | samba-03d5867d529f126da368ebda70bf2d997aa602e0.tar.gz samba-03d5867d529f126da368ebda70bf2d997aa602e0.tar.bz2 samba-03d5867d529f126da368ebda70bf2d997aa602e0.zip |
moving more code around.
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index dfa3a8b62e..9324fd4765 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2204,6 +2204,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ uint32 acc_granted; SEC_DESC *psd; size_t sd_size; + uint32 new_rid = 0; /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; @@ -2272,6 +2273,17 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ pw = Get_Pwnam(account); + /********************************************************************* + * HEADS UP! If we have to create a new user account, we have to get + * a new RID from somewhere. This used to be done by the passdb + * backend. It has been moved into idmap now. Since idmap is now + * wrapped up behind winbind, this means you have to run winbindd if you + * want new accounts to get a new RID when "enable rid algorithm = no". + * Tough. We now have a uniform way of allocating RIDs regardless + * of what ever passdb backend people may use. + * --jerry (2003-07-10) + *********************************************************************/ + if ( !pw ) { /* * we can't check both the ending $ and the acb_info. @@ -2293,15 +2305,17 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ } else /* no add user script -- ask winbindd to do it */ { - if ( !winbind_create_user( account ) ) - DEBUG(3,("_api_samr_create_user: winbind_create_user(%s) failed\n", account)); + if ( !winbind_create_user( account, &new_rid ) ) { + DEBUG(3,("_api_samr_create_user: winbind_create_user(%s) failed\n", + account)); + } } } - /* implicit call to getpwnam() next */ + /* implicit call to getpwnam() next. we have a valid SID coming out of this call */ - if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account)) ) + if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) ) return nt_status; pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); @@ -3711,12 +3725,25 @@ static int smb_delete_user(const char *unix_user) pstring del_script; int ret; + /* try winbindd first since it is impossible to determine where + a user came from via NSS. Try the delete user script if this fails + meaning the user did not exist in winbindd's list of accounts */ + + if ( winbind_delete_user( unix_user ) ) { + DEBUG(3,("winbind_delete_user: removed user (%s)\n", unix_user)); + return 0; + } + + + /* fall back to 'delete user script' */ + pstrcpy(del_script, lp_deluser_script()); if (! *del_script) return -1; all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); ret = smbrun(del_script,NULL); DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; } |