diff options
| -rw-r--r-- | source3/passdb/passdb.c | 61 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 69 | ||||
| -rw-r--r-- | source3/utils/pdbedit.c | 16 |
3 files changed, 52 insertions, 94 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 15756b7e22..903c7ada96 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -266,6 +266,38 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) } +/************************************************************* + Initialises a SAM_ACCOUNT ready to add a new account, based + on the unix user if possible. + ************************************************************/ + +NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username) +{ + NTSTATUS nt_status = NT_STATUS_NO_MEMORY; + + struct passwd *pwd; + + pwd = Get_Pwnam(username); + + if (pwd) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd))) { + *new_sam_acct = NULL; + return nt_status; + } + } else { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { + *new_sam_acct = NULL; + return nt_status; + } + if (!pdb_set_username(*new_sam_acct, username, PDB_SET)) { + pdb_free_sam(new_sam_acct); + return nt_status; + } + } + return NT_STATUS_OK; +} + + /** * Free the contets of the SAM_ACCOUNT, but not the structure. * @@ -910,7 +942,6 @@ BOOL local_password_change(const char *user_name, int local_flags, char *err_str, size_t err_str_len, char *msg_str, size_t msg_str_len) { - struct passwd *pwd = NULL; SAM_ACCOUNT *sam_pass=NULL; uint16 other_acb; @@ -922,35 +953,15 @@ BOOL local_password_change(const char *user_name, int local_flags, if(!pdb_getsampwnam(sam_pass, user_name)) { pdb_free_sam(&sam_pass); - if (local_flags & LOCAL_ADD_USER) { - pwd = getpwnam_alloc(user_name); - } else if (local_flags & LOCAL_DELETE_USER) { + if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) { /* Might not exist in /etc/passwd */ - } else { - slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name); - return False; - } - - if (pwd) { - /* Local user found, so init from this */ - if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){ + if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name))) { slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name); - passwd_free(&pwd); return False; } - - passwd_free(&pwd); } else { - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_pass))){ - slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name); - return False; - } - - if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) { - slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name); - pdb_free_sam(&sam_pass); - return False; - } + slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name); + return False; } } else { /* the entry already existed */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 9cc6474500..5ab0e80351 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1473,13 +1473,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO for (i = 0; i < num_rids; i++) { fstring name; DOM_SID sid; + int ret; r_u->status = NT_STATUS_NONE_MAPPED; rid [i] = 0xffffffff; type[i] = SID_NAME_UNKNOWN; - rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0); + ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0); /* * we are only looking for a name @@ -1492,7 +1493,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO * a cleaner code is to add the sid of the domain we're looking in * to the local_lookup_name function. */ - if(local_lookup_name(name, &sid, &local_type)) { + + if ((ret > 0) && local_lookup_name(name, &sid, &local_type)) { sid_split_rid(&sid, &local_rid); if (sid_equal(&sid, &pol_sid)) { @@ -2205,6 +2207,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ uint32 acc_granted; SEC_DESC *psd; size_t sd_size; + /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; /* Get the domain SID stored in the domain policy */ @@ -2274,7 +2277,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ /* the passdb lookup has failed; check to see if we need to run the add user/machine script */ - pw = getpwnam_alloc(account); + pw = Get_Pwnam(account); if ( !pw ) { /* @@ -2288,76 +2291,28 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_ pstrcpy(add_script, lp_addmachine_script()); else pstrcpy(add_script, lp_adduser_script()); - + if (*add_script) { int add_ret; all_string_sub(add_script, "%u", account, sizeof(account)); add_ret = smbrun(add_script,NULL); DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); } - - /* try again */ - pw = getpwnam_alloc(account); - } - - - if (pw) { - DOM_SID user_sid; - DOM_SID group_sid; - if (!uid_to_sid(&user_sid, pw->pw_uid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; - } - - if (!gid_to_sid(&group_sid, pw->pw_gid)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) { - passwd_free(&pw); /* done with this now */ - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; - } - - passwd_free(&pw); /* done with this now */ - } else { - DEBUG(3,("attempting to create non-unix account %s\n", account)); } - if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) { - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_MEMORY; - } - + nt_status = pdb_init_sam_new(&sam_pass, account); + if (!NT_STATUS_IS_OK(nt_status)) + return nt_status; + pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); - + if (!pdb_add_sam_account(sam_pass)) { pdb_free_sam(&sam_pass); DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n", account)); return NT_STATUS_ACCESS_DENIED; } - - pdb_reset_sam(sam_pass); - - if (!pdb_getsampwnam(sam_pass, account)) { - pdb_free_sam(&sam_pass); - DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", - account)); - return NT_STATUS_ACCESS_DENIED; - } /* Get the user's SID */ sid_copy(&sid, pdb_get_user_sid(sam_pass)); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index d7de709e21..3a3d06a645 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -351,20 +351,12 @@ static int new_user (struct pdb_context *in, const char *username, const char *profile, char *user_sid, char *group_sid) { SAM_ACCOUNT *sam_pwent=NULL; - struct passwd *pwd = NULL; + NTSTATUS nt_status; char *password1, *password2, *staticpass; - ZERO_STRUCT(sam_pwent); - - if ((pwd = getpwnam_alloc(username))) { - pdb_init_sam_pw (&sam_pwent, pwd); - passwd_free(&pwd); - } else { - fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username); - pdb_init_sam(&sam_pwent); - if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) { - return -1; - } + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pwent, username))) { + DEBUG(0, ("could not create account to add new user %s\n", username)); + return -1; } staticpass = getpass("new password:"); |