summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-07-05 09:46:12 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-07-05 09:46:12 +0000
commita3ddfa5069c9df07626135aa5fd2ec411c41943f (patch)
tree4c66505e3ca16e2db518143ebbf6e999f3a24b9d /source3/utils
parentd809ad1d1999b097ff30952b9d14cf5aaa72562e (diff)
downloadsamba-a3ddfa5069c9df07626135aa5fd2ec411c41943f.tar.gz
samba-a3ddfa5069c9df07626135aa5fd2ec411c41943f.tar.bz2
samba-a3ddfa5069c9df07626135aa5fd2ec411c41943f.zip
Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc_samsync.c81
1 files changed, 44 insertions, 37 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index ada2d274ba..881ea96db6 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -409,10 +409,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
SAM_ACCOUNT *sam_account=NULL;
GROUP_MAP map;
struct group *grp;
- DOM_SID sid;
+ DOM_SID user_sid;
+ DOM_SID group_sid;
struct passwd *passwd;
unid_t id;
- int u_type;
+ int u_type = ID_USERID | ID_QUERY_ONLY;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
d_printf("Creating account: %s\n", account);
@@ -444,55 +445,56 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
passwd = Get_Pwnam(account);
}
}
+
+ sid_copy(&user_sid, get_global_sam_sid());
+ sid_append_rid(&user_sid, delta->user_rid);
- sam_account_from_delta(sam_account, delta);
- if (!pdb_add_sam_account(sam_account)) {
- DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
- account));
+ if (!pdb_getsampwsid(sam_account, &user_sid)) {
+ sam_account_from_delta(sam_account, delta);
+ if (!pdb_add_sam_account(sam_account)) {
+ DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
+ account));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else {
+ sam_account_from_delta(sam_account, delta);
if (!pdb_update_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
account));
pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
-/* return NT_STATUS_ACCESS_DENIED; */
+ return NT_STATUS_ACCESS_DENIED;
}
}
- sid = *pdb_get_group_sid(sam_account);
+ group_sid = *pdb_get_group_sid(sam_account);
- if (!pdb_getgrsid(&map, sid)) {
+ if (!pdb_getgrsid(&map, group_sid)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_GROUP;
- }
-
+ } else {
+ if (map.gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map.gid))) {
+ DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
+ map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid)));
+ } else {
+ smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
+ }
+ }
+ }
+
if (!passwd) {
+ DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account)));
/* if no unix user, changing the mapping won't help */
- pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
- }
-
- if (map.gid != passwd->pw_gid) {
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
- map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_GROUP;
+ } else {
+ nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
+ if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) {
+
+ } else {
+ /* set mapping */
+
+ id.uid = passwd->pw_uid;
+ nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
}
-
- smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
- }
-
- nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
- if (!NT_STATUS_IS_OK(nt_ret)) {
- pdb_free_sam(&sam_account);
- return nt_ret;
- }
-
- if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) {
- id.uid = passwd->pw_uid;
- nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
}
pdb_free_sam(&sam_account);
@@ -980,6 +982,11 @@ int rpc_vampire(int argc, const char **argv)
ZERO_STRUCT(ret_creds);
+ if (!idmap_init(lp_idmap_backend())) {
+ d_printf("Could not init idmap\n");
+ return -1;
+ }
+
/* Connect to remote machine */
if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
NET_FLAGS_PDC))) {