-rw-r--r--source3/passdb/passdb.c61
-rw-r--r--source3/rpc_server/srv_samr_nt.c69
-rw-r--r--source3/utils/pdbedit.c16
3 files changed, 52 insertions, 94 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 15756b7e22..903c7ada96 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -266,6 +266,38 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
}
+/*************************************************************
+ Initialises a SAM_ACCOUNT ready to add a new account, based
+ on the unix user if possible.
+ ************************************************************/
+
+NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
+{
+ NTSTATUS nt_status = NT_STATUS_NO_MEMORY;
+
+ struct passwd *pwd;
+
+ pwd = Get_Pwnam(username);
+
+ if (pwd) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd))) {
+ *new_sam_acct = NULL;
+ return nt_status;
+ }
+ } else {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
+ *new_sam_acct = NULL;
+ return nt_status;
+ }
+ if (!pdb_set_username(*new_sam_acct, username, PDB_SET)) {
+ pdb_free_sam(new_sam_acct);
+ return nt_status;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+
/**
* Free the contets of the SAM_ACCOUNT, but not the structure.
*
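Review bot: pdb_init_sam_new() can report success after it has failed. In the non-unix branch `nt_status` was just overwritten with the successful result of `pdb_init_sam()`, so when `pdb_set_username()` fails the function frees the account and `return nt_status;` hands back an OK status. The callers added in this commit (local_password_change, _api_samr_create_user, pdbedit's new_user) only test `NT_STATUS_IS_OK` and then go on to use the account pointer, which at that point has been freed. That line should be `return NT_STATUS_NO_MEMORY;`, matching what the removed caller code returned for the same failure. It would also help to state in the header comment that `*new_sam_acct` is always NULL on failure.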
@@ -910,7 +942,6 @@ BOOL local_password_change(const char *user_name, int local_flags,
char *err_str, size_t err_str_len,
char *msg_str, size_t msg_str_len)
{
- struct passwd *pwd = NULL;
SAM_ACCOUNT *sam_pass=NULL;
uint16 other_acb;
@@ -922,35 +953,15 @@ BOOL local_password_change(const char *user_name, int local_flags,
if(!pdb_getsampwnam(sam_pass, user_name)) {
pdb_free_sam(&sam_pass);
- if (local_flags & LOCAL_ADD_USER) {
- pwd = getpwnam_alloc(user_name);
- } else if (local_flags & LOCAL_DELETE_USER) {
+ if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
/* Might not exist in /etc/passwd */
- } else {
- slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
- return False;
- }
-
- if (pwd) {
- /* Local user found, so init from this */
- if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){
+ if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name))) {
slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
- passwd_free(&pwd);
return False;
}
-
- passwd_free(&pwd);
} else {
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_pass))){
- slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
- return False;
- }
-
- if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) {
- slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
- pdb_free_sam(&sam_pass);
- return False;
- }
+ slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+ return False;
}
} else {
/* the entry already existed */
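Review bot: The username flag silently changes from `PDB_CHANGED` to `PDB_SET` for accounts with no unix entry, because the removed code called `pdb_set_username(sam_pass, user_name, PDB_CHANGED)` while pdb_init_sam_new() uses `PDB_SET`. Whether the passdb backends write out `PDB_SET` fields when adding an account is not visible here, so please confirm that the username is still stored for a non-unix user. The same applies to the call site in _api_samr_create_user. If the old flag was intentional, either keep it in the helper or add a comment there, for example `/* PDB_SET is enough: backends store all non-default fields on add */`, once that is verified. local_password_change starts and ends outside this hunk.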
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9cc6474500..5ab0e80351 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1473,13 +1473,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
for (i = 0; i < num_rids; i++) {
fstring name;
DOM_SID sid;
+ int ret;
r_u->status = NT_STATUS_NONE_MAPPED;
rid [i] = 0xffffffff;
type[i] = SID_NAME_UNKNOWN;
- rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
+ ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
/*
* we are only looking for a name
@@ -1492,7 +1493,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
* a cleaner code is to add the sid of the domain we're looking in
* to the local_lookup_name function.
*/
- if(local_lookup_name(name, &sid, &local_type)) {
+
+ if ((ret > 0) && local_lookup_name(name, &sid, &local_type)) {
sid_split_rid(&sid, &local_rid);
if (sid_equal(&sid, &pol_sid)) {
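Review bot: The new `(ret > 0)` guard needs a comment saying what a non-positive result from `rpcstr_pull()` means here, since a skipped name is left as `SID_NAME_UNKNOWN` with rid `0xffffffff`. Something like `/* skip names that failed to convert or came out empty */` would do, assuming that is what the return value signals. Separately, the source length `q_u->uni_name[i].uni_str_len*2` comes straight from the request, and nothing in these two hunks checks it against the real size of `uni_name[i].buffer`. If the unmarshalling code does not already guarantee that, it should be bounded before the pull. The loop body starts and ends outside both hunks.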
@@ -2205,6 +2207,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
uint32 acc_granted;
SEC_DESC *psd;
size_t sd_size;
+ /* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
/* Get the domain SID stored in the domain policy */
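Review bot: The added comment `check this, when giving away 'add computer to domain' privs` does not say what "this" is or what has to be checked, so it is likely to be overlooked when that delegation work happens. It sits above `des_access = GENERIC_RIGHTS_USER_ALL_ACCESS`, so consider naming the variable and the concern: `/* TODO: des_access is GENERIC_RIGHTS_USER_ALL_ACCESS for every caller; re-evaluate before delegating 'add computer to domain' rights */`.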
@@ -2274,7 +2277,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
/* the passdb lookup has failed; check to see if we need to run the
add user/machine script */
- pw = getpwnam_alloc(account);
+ pw = Get_Pwnam(account);
if ( !pw ) {
/*
@@ -2288,76 +2291,28 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
pstrcpy(add_script, lp_addmachine_script());
else
pstrcpy(add_script, lp_adduser_script());
-
+
if (*add_script) {
int add_ret;
all_string_sub(add_script, "%u", account, sizeof(account));
add_ret = smbrun(add_script,NULL);
DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
}
-
- /* try again */
- pw = getpwnam_alloc(account);
- }
-
-
- if (pw) {
- DOM_SID user_sid;
- DOM_SID group_sid;
- if (!uid_to_sid(&user_sid, pw->pw_uid)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!gid_to_sid(&group_sid, pw->pw_gid)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) {
- passwd_free(&pw); /* done with this now */
- pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_MEMORY;
- }
-
- passwd_free(&pw); /* done with this now */
- } else {
- DEBUG(3,("attempting to create non-unix account %s\n", account));
}
- if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
- pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_MEMORY;
- }
-
+ nt_status = pdb_init_sam_new(&sam_pass, account);
+ if (!NT_STATUS_IS_OK(nt_status))
+ return nt_status;
+
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
-
+
if (!pdb_add_sam_account(sam_pass)) {
pdb_free_sam(&sam_pass);
DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n",
account));
return NT_STATUS_ACCESS_DENIED;
}
-
- pdb_reset_sam(sam_pass);
-
- if (!pdb_getsampwnam(sam_pass, account)) {
- pdb_free_sam(&sam_pass);
- DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n",
- account));
- return NT_STATUS_ACCESS_DENIED;
- }
/* Get the user's SID */
sid_copy(&sid, pdb_get_user_sid(sam_pass));
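Review bot: `sam_pass` is overwritten by `pdb_init_sam_new(&sam_pass, account)` without being released first. The removed error paths all called `pdb_free_sam(&sam_pass)`, which suggests it already holds an allocation from the failed passdb lookup earlier in the function, outside this hunk. If so, add `pdb_free_sam(&sam_pass);` just before the call to avoid leaking it on every account creation. Separately, with the `pdb_reset_sam()` / `pdb_getsampwnam()` re-read removed, the SID copied out by `sid_copy(&sid, pdb_get_user_sid(sam_pass))` is whatever the in-memory struct holds. Please confirm that every backend's add path records the final user SID on `sam_pass` itself and not only in its store.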
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index d7de709e21..3a3d06a645 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -351,20 +351,12 @@ static int new_user (struct pdb_context *in, const char *username,
const char *profile, char *user_sid, char *group_sid)
{
SAM_ACCOUNT *sam_pwent=NULL;
- struct passwd *pwd = NULL;
+ NTSTATUS nt_status;
char *password1, *password2, *staticpass;
- ZERO_STRUCT(sam_pwent);
-
- if ((pwd = getpwnam_alloc(username))) {
- pdb_init_sam_pw (&sam_pwent, pwd);
- passwd_free(&pwd);
- } else {
- fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
- pdb_init_sam(&sam_pwent);
- if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
- return -1;
- }
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pwent, username))) {
+ DEBUG(0, ("could not create account to add new user %s\n", username));
+ return -1;
}
staticpass = getpass("new password:");
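Review bot: The failure is reported only through `DEBUG(0, ...)`, and `nt_status` is never read after the test. Depending on where debug output goes, someone running pdbedit interactively may see nothing, and will not learn the reason either way. For a command-line tool I would print it directly, as the removed code did for its warning: `fprintf(stderr, "could not create account to add new user %s: %s\n", username, nt_errstr(nt_status));`. The old `WARNING: user %s does not exist in system passwd` message is also gone, so an operator no longer gets a hint that they are creating an account with no unix counterpart. Consider keeping that warning if it is still wanted.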