summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2007-07-30 10:30:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:23 -0500
commit008b84076094733d7754c524923b1d96ab30b825 (patch)
treeda486ea5288b95b86c3114106db596f00d70b99f /source4
parent63c20026c4c27beffbcdb962da7bd844c2ed9c97 (diff)
downloadsamba-008b84076094733d7754c524923b1d96ab30b825.tar.gz
samba-008b84076094733d7754c524923b1d96ab30b825.tar.bz2
samba-008b84076094733d7754c524923b1d96ab30b825.zip
r24080: Set the primary group (matching windows) when creating new users in
SAMR. This can't be done in the ldb templates code, as it doesn't happen over direct LDAP. As noted in bug #4829. Andrew Bartlett (This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
Diffstat (limited to 'source4')
-rw-r--r--source4/librpc/idl/security.idl1
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c2
-rw-r--r--source4/torture/rpc/samr.c31
3 files changed, 30 insertions, 4 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 098a887bfe..ea2ad050d5 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -170,6 +170,7 @@ interface security
const int DOMAIN_RID_GUEST = 501;
const int DOMAIN_RID_ADMINS = 512;
const int DOMAIN_RID_USERS = 513;
+ const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
const int DOMAIN_RID_DCS = 516;
const int DOMAIN_RID_CERT_ADMINS = 517;
const int DOMAIN_RID_SCHEMA_ADMINS = 518;
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 648b0d37c6..9bb9cb8161 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1269,6 +1269,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
cn_name[cn_name_len - 1] = '\0';
container = "CN=Computers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS);
} else if (r->in.acct_flags == ACB_SVRTRUST) {
if (cn_name[cn_name_len - 1] != '$') {
@@ -1277,6 +1278,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
cn_name[cn_name_len - 1] = '\0';
container = "OU=Domain Controllers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS);
} else if (r->in.acct_flags == ACB_DOMTRUST) {
container = "CN=Users";
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 179b3506de..2534044417 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2513,7 +2513,7 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
if (NT_STATUS_IS_OK(status)) {
q.in.user_handle = &user_handle;
- q.in.level = 16;
+ q.in.level = 5;
status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
@@ -2521,11 +2521,34 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
q.in.level, nt_errstr(status));
ret = False;
} else {
- if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
- printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
- q.out.info->info16.acct_flags,
+ if ((q.out.info->info5.acct_flags & acct_flags) != acct_flags) {
+ printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ q.out.info->info5.acct_flags,
acct_flags);
ret = False;
+ }
+ switch (acct_flags) {
+ case ACB_SVRTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) {
+ printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DCS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
+ case ACB_WSTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
+ printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
+ case ACB_NORMAL:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) {
+ printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_USERS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
}
}