diff options
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 28 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_util.c | 2 |
3 files changed, 33 insertions, 9 deletions
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 6b96b79047..08ed28e80a 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -6061,7 +6061,17 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID * usr->user_rid = user_rid; usr->group_rid = group_rid; usr->acb_info = pdb_get_acct_ctrl(pw); - usr->unknown_3 = pdb_get_unknown_3(pw); + + /* + Look at a user on a real NT4 PDC with usrmgr, press + 'ok'. Then you will see that unknown_3 is set to + 0x08f827fa. Look at the user immediately after that again, + and you will see that 0x00fffff is returned. This solves + the problem that you get access denied after having looked + at the user. + -- Volker + */ + usr->unknown_3 = 0x00ffffff; usr->logon_divs = pdb_get_logon_divs(pw); usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 686614e9a4..126db91700 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1180,6 +1180,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, /* Get what we need from the password database */ switch (q_u->switch_level) { case 0x1: + /* When playing with usrmgr, this is necessary + if you want immediate refresh after editing + a user. I would like to do this after the + setuserinfo2, but we do not have access to + the domain handle in that call, only to the + user handle. Where else does this hurt? + -- Volker + */ + free_samr_users(info); case 0x2: case 0x4: become_root(); @@ -3181,7 +3190,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ if (sid_equal(&alias_sid, &global_sid_Builtin)) { DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n")); - if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) + if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; } else { if (sid_equal(&alias_sid, get_global_sam_sid())) { @@ -3513,7 +3522,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD GROUP_MAP map; uid_t uid; NTSTATUS ret; - SAM_ACCOUNT *sam_user; + SAM_ACCOUNT *sam_user=NULL; BOOL check; uint32 acc_granted; @@ -3560,19 +3569,21 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; - } else { - passwd_free(&pwd); } - if ((grp=getgrgid(map.gid)) == NULL) + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; + } /* we need to copy the name otherwise it's overloaded in user_in_group_list */ fstrcpy(grp_name, grp->gr_name); /* if the user is already in the group */ - if(user_in_group_list(pwd->pw_name, grp_name)) + if(user_in_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); return NT_STATUS_MEMBER_IN_GROUP; + } /* * ok, the group exist, the user exist, the user is not in the group, @@ -3583,9 +3594,12 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD smb_add_user_group(grp_name, pwd->pw_name); /* check if the user has been added then ... */ - if(!user_in_group_list(pwd->pw_name, grp_name)) + if(!user_in_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ + } + passwd_free(&pwd); return NT_STATUS_OK; } diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index 2a43155c10..84f28eda08 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -99,7 +99,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) if (from->hdr_full_name.buffer) { old_string = pdb_get_fullname(to); - new_string = pdb_unistr2_convert(&from->uni_user_name); + new_string = pdb_unistr2_convert(&from->uni_full_name); DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED) pdb_set_fullname(to , new_string, PDB_CHANGED); |