-rw-r--r--source3/rpc_parse/parse_samr.c12
-rw-r--r--source3/rpc_server/srv_samr_nt.c28
-rw-r--r--source3/rpc_server/srv_samr_util.c2
3 files changed, 33 insertions, 9 deletions
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 6b96b79047..08ed28e80a 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -6061,7 +6061,17 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
usr->user_rid = user_rid;
usr->group_rid = group_rid;
usr->acb_info = pdb_get_acct_ctrl(pw);
- usr->unknown_3 = pdb_get_unknown_3(pw);
+
+ /*
+ Look at a user on a real NT4 PDC with usrmgr, press
+ 'ok'. Then you will see that unknown_3 is set to
+ 0x08f827fa. Look at the user immediately after that again,
+ and you will see that 0x00fffff is returned. This solves
+ the problem that you get access denied after having looked
+ at the user.
+ -- Volker
+ */
+ usr->unknown_3 = 0x00ffffff;
usr->logon_divs = pdb_get_logon_divs(pw);
usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
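Review bot: The new comment quotes the returned value as `0x00fffff` (five f's) while the assignment stores `0x00ffffff`; one of the two is a typo, and the comment should match the code. With this change the value from `pdb_get_unknown_3(pw)` is no longer returned on this path, so whatever the passdb holds for the field is silently ignored; if that is intended, the comment should say so. Because the comment ties this value to the client getting access denied, a named constant with a one-line description of what the client does with it would be safer than a bare literal. The body of init_sam_user_info21A continues outside the hunk.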
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 686614e9a4..126db91700 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1180,6 +1180,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
/* Get what we need from the password database */
switch (q_u->switch_level) {
case 0x1:
+ /* When playing with usrmgr, this is necessary
+ if you want immediate refresh after editing
+ a user. I would like to do this after the
+ setuserinfo2, but we do not have access to
+ the domain handle in that call, only to the
+ user handle. Where else does this hurt?
+ -- Volker
+ */
+ free_samr_users(info);
case 0x2:
case 0x4:
become_root();
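Review bot: `free_samr_users(info);` in `case 0x1:` runs straight into `case 0x2:` with no marker, so a reader cannot tell that the fall-through is deliberate; add `/* fall through */` after the call. The cache is dropped only for level 1, so levels 2 and 4 can presumably still serve the stale list after a user has been edited, for instance an account that was just disabled. Every level-1 query also appears to force a fresh enumeration under `become_root()`, which any client holding the domain handle can repeat at will. Invalidating the cached list where the account is modified would address both, if the handle problem the comment mentions can be solved. The switch continues outside the hunk.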
@@ -3181,7 +3190,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
if (sid_equal(&alias_sid, &global_sid_Builtin)) {
DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
- if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_equal(&alias_sid, get_global_sam_sid())) {
@@ -3513,7 +3522,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
GROUP_MAP map;
uid_t uid;
NTSTATUS ret;
- SAM_ACCOUNT *sam_user;
+ SAM_ACCOUNT *sam_user=NULL;
BOOL check;
uint32 acc_granted;
@@ -3560,19 +3569,21 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
- } else {
- passwd_free(&pwd);
}
- if ((grp=getgrgid(map.gid)) == NULL)
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
return NT_STATUS_NO_SUCH_GROUP;
+ }
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
- if(user_in_group_list(pwd->pw_name, grp_name))
+ if(user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_IN_GROUP;
+ }
/*
* ok, the group exist, the user exist, the user is not in the group,
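Review bot: The fix keeps `pwd` alive until its last use, but it does so by repeating `passwd_free(&pwd)` before every `return`, here and in the following hunk of `_samr_add_groupmem`. The next early return added to this function will either leak the entry or, if the free is placed too early, bring back the use-after-free this commit removes. A single exit label that frees `pwd` once, with the status carried in the already declared `ret`, removes that risk. The function starts and ends outside this hunk; the sketch below covers the paths visible in this hunk and the next.

```c
	/* … unchanged: getpwuid_alloc() check, returns before pwd is owned … */
	if ((grp=getgrgid(map.gid)) == NULL) {
		ret = NT_STATUS_NO_SUCH_GROUP;
		goto done;
	}
	/* … unchanged: fstrcpy of grp->gr_name into grp_name … */
	if(user_in_group_list(pwd->pw_name, grp_name)) {
		ret = NT_STATUS_MEMBER_IN_GROUP;
		goto done;
	}
	/* … unchanged: smb_add_user_group() call … */
	if(!user_in_group_list(pwd->pw_name, grp_name))
		ret = NT_STATUS_MEMBER_NOT_IN_GROUP;
	else
		ret = NT_STATUS_OK;
done:
	passwd_free(&pwd);
	return ret;
```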
@@ -3583,9 +3594,12 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_group_list(pwd->pw_name, grp_name))
+ if(!user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */
+ }
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 2a43155c10..84f28eda08 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -99,7 +99,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
if (from->hdr_full_name.buffer) {
old_string = pdb_get_fullname(to);
- new_string = pdb_unistr2_convert(&from->uni_user_name);
+ new_string = pdb_unistr2_convert(&from->uni_full_name);
DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
pdb_set_fullname(to , new_string, PDB_CHANGED);