diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-10-12 03:38:07 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-10-12 03:38:07 +0000 |
commit | 4ac9ccfde4d36e3b6065c65c92dd02dddb78b4f2 (patch) | |
tree | 3a4d155eebb79435dc1b6b9493028a259bc13a30 /source3/rpc_server/srv_samr_nt.c | |
parent | 4920d2192206b6e0072d078cfba08f91bb03651d (diff) | |
download | samba-4ac9ccfde4d36e3b6065c65c92dd02dddb78b4f2.tar.gz samba-4ac9ccfde4d36e3b6065c65c92dd02dddb78b4f2.tar.bz2 samba-4ac9ccfde4d36e3b6065c65c92dd02dddb78b4f2.zip |
Nice *big* patch from metze.
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6b7318a325..686614e9a4 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -205,8 +205,8 @@ static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) /* These now zero out the old password */ - pdb_set_lanman_passwd(sam_pass, NULL); - pdb_set_nt_passwd(sam_pass, NULL); + pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT); + pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT); } @@ -2288,13 +2288,13 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ return nt_status; } - if (!pdb_set_username(sam_pass, account)) { + if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } } - pdb_set_acct_ctrl(sam_pass, acb_info); + pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); if (!pdb_add_sam_account(sam_pass)) { pdb_free_sam(&sam_pass); @@ -2675,8 +2675,9 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, DOM_SID *sid) pdb_free_sam(&pwd); return False; } - - if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) { + + /* FIX ME: check if the value is really changed --metze */ + if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) { pdb_free_sam(&pwd); return False; } @@ -2712,11 +2713,11 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid) return False; } - if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) { + if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) { pdb_free_sam(&pwd); return False; } - if (!pdb_set_nt_passwd (pwd, id12->nt_pwd)) { + if (!pdb_set_nt_passwd (pwd, id12->nt_pwd, PDB_CHANGED)) { pdb_free_sam(&pwd); return False; } |