Merge 3.0's change to how we add users onto HEAD, including a few other bits

of sync-up for the rpc_server/srv_samr_nt.c

Andrew Bartlett
(This used to be commit 3c867aedd9abc29389f5d049dbc94ada6738d1b0)

3 files changed, 52 insertions, 94 deletions

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 15756b7e22..903c7ada96 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -266,6 +266,38 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
 }
 
 
+/*************************************************************
+ Initialises a SAM_ACCOUNT ready to add a new account, based
+ on the unix user if possible.
+ ************************************************************/
+
+NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
+{
+	NTSTATUS nt_status = NT_STATUS_NO_MEMORY;
+
+	struct passwd *pwd;
+	
+	pwd = Get_Pwnam(username);
+
+	if (pwd) {
+		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd))) {
+			*new_sam_acct = NULL;
+			return nt_status;
+		}
+	} else {
+		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
+			*new_sam_acct = NULL;
+			return nt_status;
+		}
+		if (!pdb_set_username(*new_sam_acct, username, PDB_SET)) {
+			pdb_free_sam(new_sam_acct);
+			return nt_status;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+
 /**
  * Free the contets of the SAM_ACCOUNT, but not the structure.
  *
@@ -910,7 +942,6 @@ BOOL local_password_change(const char *user_name, int local_flags,
 			   char *err_str, size_t err_str_len,
 			   char *msg_str, size_t msg_str_len)
 {
-	struct passwd  *pwd = NULL;
 	SAM_ACCOUNT 	*sam_pass=NULL;
 	uint16 other_acb;
 
@@ -922,35 +953,15 @@ BOOL local_password_change(const char *user_name, int local_flags,
 	if(!pdb_getsampwnam(sam_pass, user_name)) {
 		pdb_free_sam(&sam_pass);
 		
-		if (local_flags & LOCAL_ADD_USER) {
-			pwd = getpwnam_alloc(user_name);
-		} else if (local_flags & LOCAL_DELETE_USER) {
+		if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
 			/* Might not exist in /etc/passwd */
-		} else {
-			slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
-			return False;
-		}
-		
-		if (pwd) {
-			/* Local user found, so init from this */
-			if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){
+			if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name))) {
 				slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
-				passwd_free(&pwd);
 				return False;
 			}
-		
-			passwd_free(&pwd);
 		} else {
-			if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_pass))){
-				slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
-				return False;
-			}
-
-	        	if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) {
-	                	slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
-	               	 	pdb_free_sam(&sam_pass);
-	               	 	return False;
-	        	}
+			slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+			return False;
 		}
 	} else {
 		/* the entry already existed */
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9cc6474500..5ab0e80351 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1473,13 +1473,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 	for (i = 0; i < num_rids; i++) {
 		fstring name;
             	DOM_SID sid;
+            	int ret;
 
 	        r_u->status = NT_STATUS_NONE_MAPPED;
 
 	        rid [i] = 0xffffffff;
 	        type[i] = SID_NAME_UNKNOWN;
 
-		rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
+		ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
 
  		/*
 		 * we are only looking for a name
@@ -1492,7 +1493,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 		 * a cleaner code is to add the sid of the domain we're looking in
 		 * to the local_lookup_name function.
 		 */
-            	if(local_lookup_name(name, &sid, &local_type)) {
+		 
+            	if ((ret > 0) && local_lookup_name(name, &sid, &local_type)) {
                 	sid_split_rid(&sid, &local_rid);
 				
 			if (sid_equal(&sid, &pol_sid)) {
@@ -2205,6 +2207,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
 	uint32 acc_granted;
 	SEC_DESC *psd;
 	size_t    sd_size;
+	/* check this, when giving away 'add computer to domain' privs */
 	uint32    des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
 
 	/* Get the domain SID stored in the domain policy */
@@ -2274,7 +2277,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
 	/* the passdb lookup has failed; check to see if we need to run the
 	   add user/machine script */
 	   
-	pw = getpwnam_alloc(account);
+	pw = Get_Pwnam(account);
 	
 	if ( !pw ) {
 		/* 
@@ -2288,76 +2291,28 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
 			pstrcpy(add_script, lp_addmachine_script());		
 		else 
 			pstrcpy(add_script, lp_adduser_script());
-	
+
 		if (*add_script) {
   			int add_ret;
   			all_string_sub(add_script, "%u", account, sizeof(account));
   			add_ret = smbrun(add_script,NULL);
  			DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
   		}
-	
-		/* try again */
-		pw = getpwnam_alloc(account);
-	}
-		
-
-	if (pw) {
-		DOM_SID user_sid;
-		DOM_SID group_sid;
-		if (!uid_to_sid(&user_sid, pw->pw_uid)) {
-			passwd_free(&pw); /* done with this now */
-			pdb_free_sam(&sam_pass);
-			DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-
-		if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) {
-			passwd_free(&pw); /* done with this now */
-			pdb_free_sam(&sam_pass);
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		if (!gid_to_sid(&group_sid, pw->pw_gid)) {
-			passwd_free(&pw); /* done with this now */
-			pdb_free_sam(&sam_pass);
-			DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-
-		if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) {
-			passwd_free(&pw); /* done with this now */
-			pdb_free_sam(&sam_pass);
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		passwd_free(&pw); /* done with this now */
-	} else {
-		DEBUG(3,("attempting to create non-unix account %s\n", account));
 		
 	}
 	
-	if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_MEMORY;
-	}
-
+	nt_status = pdb_init_sam_new(&sam_pass, account);
+	if (!NT_STATUS_IS_OK(nt_status))
+		return nt_status;
+		
  	pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
- 
+	
  	if (!pdb_add_sam_account(sam_pass)) {
  		pdb_free_sam(&sam_pass);
  		DEBUG(0, ("could not add user/computer %s to passdb.  Check permissions?\n", 
  			  account));
  		return NT_STATUS_ACCESS_DENIED;		
  	}
-
-	pdb_reset_sam(sam_pass);
-	
-	if (!pdb_getsampwnam(sam_pass, account)) {
- 		pdb_free_sam(&sam_pass);
- 		DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", 
- 			  account));
- 		return NT_STATUS_ACCESS_DENIED;		
- 	}
  	
 	/* Get the user's SID */
 	sid_copy(&sid, pdb_get_user_sid(sam_pass));
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index d7de709e21..3a3d06a645 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -351,20 +351,12 @@ static int new_user (struct pdb_context *in, const char *username,
 			const char *profile, char *user_sid, char *group_sid)
 {
 	SAM_ACCOUNT *sam_pwent=NULL;
-	struct passwd  *pwd = NULL;
+	NTSTATUS nt_status;
 	char *password1, *password2, *staticpass;
 	
-	ZERO_STRUCT(sam_pwent);
-
-	if ((pwd = getpwnam_alloc(username))) {
-		pdb_init_sam_pw (&sam_pwent, pwd);
-		passwd_free(&pwd);
-	} else {
-		fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
-		pdb_init_sam(&sam_pwent);
-		if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
-			return -1;
-		}
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pwent, username))) {
+		DEBUG(0, ("could not create account to add new user %s\n", username));
+		return -1;
 	}
 
 	staticpass = getpass("new password:");