-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 794fea56df..7b2cd78dc6 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2205,6 +2205,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ uint32 acc_granted; SEC_DESC *psd; size_t sd_size; + /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; /* Get the domain SID stored in the domain policy */ 
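Review bot: The comment added above `des_access` does not say what has to be checked or why, so it is easy to overlook once the 'add computer to domain' privilege is actually delegated. As far as this hunk shows, `des_access` is initialised unconditionally to `GENERIC_RIGHTS_USER_ALL_ACCESS`; how it is used later lies outside the hunk. I would spell the concern out, e.g. `/* TODO: desired access is GENERIC_RIGHTS_USER_ALL_ACCESS for every caller; narrow it before delegating 'add computer to domain' */`.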
@@ -2290,50 +2291,26 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); } - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) { - return nt_status; - } - pw = getpwnam_alloc(account); if (pw) { - DOM_SID user_sid; - DOM_SID group_sid; - if (!uid_to_sid(&user_sid, pw->pw_uid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; - } - - if (!gid_to_sid(&group_sid, pw->pw_gid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ + nt_status = pdb_init_sam_pw(&sam_pass, pw); + passwd_free(&pw); /* done with this now */ + if (!NT_STATUS_IS_OK(nt_status)) { pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; + return nt_status; } - - passwd_free(&pw); /* done with this now */ } else { DEBUG(3,("attempting to create non-unix account %s\n", account)); + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) { + return nt_status; } if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; + } } pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); 
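Review bot: In the `else` branch for non-unix accounts only the username is set on `sam_pass`, and the later hunk (-2344,15) drops the `pdb_getsampwnam()` re-read, so the `sid_copy(&sid, pdb_get_user_sid(sam_pass))` that follows now depends on the add call having filled in the SID in the in-memory struct. Nothing visible here establishes that, so the SID copied out for these accounts may be unset or a default. I would either state the contract in the branch, `/* no unix uid: the passdb backend must assign the user SID during add */`, or check the result of `pdb_get_user_sid(sam_pass)` before the copy and fail with `NT_STATUS_ACCESS_DENIED` as the removed code did. Separately, `pdb_free_sam(&sam_pass)` is called after a failed `pdb_init_sam_pw()` but not after a failed `pdb_init_sam()`, so it is worth confirming what `pdb_init_sam_pw()` leaves in `sam_pass` on error. The body of `_api_samr_create_user` starts and ends outside this hunk.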
@@ -2344,15 +2321,6 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ account)); return NT_STATUS_ACCESS_DENIED; } - - pdb_reset_sam(sam_pass); - - if (!pdb_getsampwnam(sam_pass, account)) { - pdb_free_sam(&sam_pass); - DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", - account)); - return NT_STATUS_ACCESS_DENIED; - } /* Get the user's SID */ sid_copy(&sid, pdb_get_user_sid(sam_pass)); |