diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-07-26 03:50:24 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:01:19 -0500 |
| commit | 32d55960b5417fbee1af5d82960e6c2da58ec8a2 (patch) | |
| tree | 170860b256e91800f0a61ef2e9128d96cace17f4 /source4/rpc_server/samr | |
| parent | a47313851f53f71c38825a4e37f49326d2d5d014 (diff) | |
| download | samba-32d55960b5417fbee1af5d82960e6c2da58ec8a2.tar.gz samba-32d55960b5417fbee1af5d82960e6c2da58ec8a2.tar.bz2 samba-32d55960b5417fbee1af5d82960e6c2da58ec8a2.zip | |
r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
- The icons in usermgr were incorrect, because the acct_flags were
not filled in (due to missing attribute in ldb query)
- The Full name was missing, and the description used as the full
name (due to missing attributes in ldb query and incorrect IDL)
To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.
This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...
Getting this right is important, because Samba3's RPC winbind methods
uses these queries.
Andrew Bartlett
(This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
Diffstat (limited to 'source4/rpc_server/samr')
| -rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index b1b9e9288e..cedf4059e2 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -508,7 +508,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, TALLO break; } - /* TODO: Should these filter on SID, to avoid counting BUILTIN? */ + /* No users in BUILTIN, and the LOCAL group types are only in builtin, and the global group type is never in BUILTIN */ info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, "(objectClass=user)"); info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, @@ -3573,8 +3573,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, struct samr_domain_state *d_state; struct ldb_message **res; int ldb_cnt, count, i; - const char * const attrs[4] = { "objectSid", "sAMAccountName", - "description", NULL }; + const char * const attrs[] = { "objectSid", "sAMAccountName", "displayName", + "description", "userAccountControl", NULL }; struct samr_DispEntryFull *entriesFull = NULL; struct samr_DispEntryFullGroup *entriesFullGroup = NULL; struct samr_DispEntryAscii *entriesAscii = NULL; @@ -3674,12 +3674,21 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, samdb_result_string(res[i], "description", ""); break; case 2: + if (!(samdb_result_acct_flags(res[i], + "userAccountControl") & ACB_WSTRUST)) { + /* Domain controllers match the + * filter, but should not be included + * in the output */ + continue; + } entriesFull[count].idx = count + 1; entriesFull[count].rid = objectsid->sub_auths[objectsid->num_auths-1]; + + /* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */ entriesFull[count].acct_flags = samdb_result_acct_flags(res[i], - "userAccountControl"); + "userAccountControl") | ACB_NORMAL; entriesFull[count].account_name.string = samdb_result_string(res[i], "sAMAccountName", ""); |