svn commit: samba r12529 - in trunk/source: passdb rpc_server utils
vlendec at samba.org
vlendec at samba.org
Tue Dec 27 23:24:20 GMT 2005
Author: vlendec
Date: 2005-12-27 23:24:18 +0000 (Tue, 27 Dec 2005)
New Revision: 12529
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12529
Log:
Implement pdb_new_rid, the easy way is to redirect that to winbind
again. Transferring that to passdb tomorrow, it's too late today.
Volker
Modified:
trunk/source/passdb/passdb.c
trunk/source/passdb/pdb_ldap.c
trunk/source/passdb/pdb_tdb.c
trunk/source/rpc_server/srv_samr_nt.c
trunk/source/utils/pdbedit.c
Changeset:
Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c 2005-12-27 22:51:30 UTC (rev 12528)
+++ trunk/source/passdb/passdb.c 2005-12-27 23:24:18 UTC (rev 12529)
@@ -350,12 +350,12 @@
on the UNIX user. Pass in a RID if you have one
************************************************************/
-NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username,
- uint32 rid)
+NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
{
NTSTATUS nt_status = NT_STATUS_NO_MEMORY;
struct passwd *pwd;
BOOL ret;
+ uint32 rid;
pwd = Get_Pwnam(username);
@@ -366,11 +366,14 @@
*new_sam_acct = NULL;
return nt_status;
}
-
- /* see if we need to generate a new rid using the 2.2 algorithm */
- if ( rid == 0 && pdb_rid_algorithm() ) {
- DEBUG(10,("pdb_init_sam_new: no RID specified. Generating one via old algorithm\n"));
+
+ if (pdb_rid_algorithm()) {
rid = algorithmic_pdb_uid_to_user_rid(pwd->pw_uid);
+ } else {
+ if (!pdb_new_rid(&rid)) {
+ DEBUG(10,("Could not generate a new RID\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
}
/* set the new SID */
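Review bot: The new `return NT_STATUS_ACCESS_DENIED;` in the `pdb_new_rid` failure branch leaves `*new_sam_acct` untouched, whereas the failure path just above it in this hunk sets `*new_sam_acct = NULL` before returning. If the account structure was already allocated by the call above the hunk (not visible here), this path leaks it and hands the caller a non-NULL pointer together with an error status. Releasing it and clearing the pointer before the return would keep the two error paths consistent, e.g. `pdb_free_sam(new_sam_acct);` if that is the matching release call. The failure is also logged only at debug level 10 and reported as access denied, so an administrator sees a refused account creation with no hint that RID allocation was the cause; `DEBUG(3,("pdb_init_sam_new: could not allocate a new RID for %s\n", username));` would make it diagnosable. The function body continues outside the hunk.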
@@ -886,7 +889,7 @@
if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
/* Might not exist in /etc/passwd. Use rid algorithm here */
- if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name, 0))) {
+ if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name))) {
slprintf(err_str, err_str_len-1, "Failed to initialise SAM_ACCOUNT for user %s. Does this user exist in the UNIX password database ?\n", user_name);
return False;
}
Modified: trunk/source/passdb/pdb_ldap.c
===================================================================
--- trunk/source/passdb/pdb_ldap.c 2005-12-27 22:51:30 UTC (rev 12528)
+++ trunk/source/passdb/pdb_ldap.c 2005-12-27 23:24:18 UTC (rev 12529)
@@ -4224,6 +4224,11 @@
return False;
}
+static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
+{
+ return winbind_allocate_rid(rid);
+}
+
/**********************************************************************
Housekeeping
*********************************************************************/
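Review bot: `ldapsam_new_rid` ignores `methods` and has no comment saying that RID allocation is handed to winbindd, so a reader of the LDAP backend cannot tell that allocation now depends on winbindd being reachable. Because a RID becomes the last component of a SID, two principals receiving the same RID would share an identity. Whether `winbind_allocate_rid` guarantees uniqueness when several servers share one LDAP directory is not visible in this diff and should be confirmed. I would add above the function `/* Interim: RIDs come from winbindd, not from the LDAP directory; fails if winbindd is unavailable. */`. The identical wrapper `tdbsam_new_rid` in pdb_tdb.c wants the same comment, and the two could share one helper.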
@@ -4290,6 +4295,7 @@
(*pdb_method)->get_seq_num = ldapsam_get_seq_num;
(*pdb_method)->rid_algorithm = ldapsam_rid_algorithm;
+ (*pdb_method)->new_rid = ldapsam_new_rid;
/* TODO: Setup private data and free */
Modified: trunk/source/passdb/pdb_tdb.c
===================================================================
--- trunk/source/passdb/pdb_tdb.c 2005-12-27 22:51:30 UTC (rev 12528)
+++ trunk/source/passdb/pdb_tdb.c 2005-12-27 23:24:18 UTC (rev 12529)
@@ -869,6 +869,11 @@
return False;
}
+static BOOL tdbsam_new_rid(struct pdb_methods *methods, uint32 *rid)
+{
+ return winbind_allocate_rid(rid);
+}
+
static void free_private_data(void **vp)
{
struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
@@ -913,6 +918,7 @@
(*pdb_method)->rename_sam_account = tdbsam_rename_sam_account;
(*pdb_method)->rid_algorithm = tdbsam_rid_algorithm;
+ (*pdb_method)->new_rid = tdbsam_new_rid;
tdb_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct tdbsam_privates);
Modified: trunk/source/rpc_server/srv_samr_nt.c
===================================================================
--- trunk/source/rpc_server/srv_samr_nt.c 2005-12-27 22:51:30 UTC (rev 12528)
+++ trunk/source/rpc_server/srv_samr_nt.c 2005-12-27 23:24:18 UTC (rev 12529)
@@ -2299,7 +2299,6 @@
uint32 acc_granted;
SEC_DESC *psd;
size_t sd_size;
- uint32 new_rid = 0;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
BOOL can_add_account = False;
@@ -2404,7 +2403,7 @@
* of this call */
flush_pwnam_cache();
- nt_status = pdb_init_sam_new(&sam_pass, account, new_rid);
+ nt_status = pdb_init_sam_new(&sam_pass, account);
/* this code is order such that we have no unnecessary retuns
out of the admin block of code */
@@ -4258,19 +4257,28 @@
/* so far, so good */
result = NT_STATUS_OK;
-
- r_u->rid = pdb_gid_to_group_rid( grp->gr_gid );
- /* add the group to the mapping table */
+ if (pdb_rid_algorithm()) {
+ r_u->rid = pdb_gid_to_group_rid( grp->gr_gid );
+ } else {
+ if (!pdb_new_rid(&r_u->rid)) {
+ result = NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (NT_STATUS_IS_OK(result)) {
+
+ /* add the group to the mapping table */
- sid_copy( &info_sid, get_global_sam_sid() );
- sid_append_rid( &info_sid, r_u->rid );
- sid_to_string( sid_string, &info_sid );
+ sid_copy( &info_sid, get_global_sam_sid() );
+ sid_append_rid( &info_sid, r_u->rid );
+ sid_to_string( sid_string, &info_sid );
- /* reset the error code if we fail to add the mapping entry */
+ /* reset the error code if we fail to add the mapping entry */
- if ( !add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL) )
- result = NT_STATUS_ACCESS_DENIED;
+ if ( !add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL) )
+ result = NT_STATUS_ACCESS_DENIED;
+ }
}
if ( can_add_accounts )
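Review bot: When `pdb_new_rid(&r_u->rid)` fails in the new `else` branch, nothing is logged and the caller gets `NT_STATUS_ACCESS_DENIED`, the same status the `add_initial_entry` failure below produces, so a failed RID allocation cannot be told apart from a mapping or permission problem. Adding `DEBUG(3,("Could not allocate a new RID for group %s\n", name));` before `result = NT_STATUS_ACCESS_DENIED;` would match the message added in passdb.c. If the UNIX group was already created earlier in the function (outside this hunk), this path also leaves it behind without a mapping entry, which deserves a comment or a cleanup. The `else { if (...) }` nesting can be written as `else if (!pdb_new_rid(&r_u->rid))`.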
Modified: trunk/source/utils/pdbedit.c
===================================================================
--- trunk/source/utils/pdbedit.c 2005-12-27 22:51:30 UTC (rev 12528)
+++ trunk/source/utils/pdbedit.c 2005-12-27 23:24:18 UTC (rev 12529)
@@ -498,7 +498,7 @@
get_global_sam_sid();
- if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pwent, username, 0))) {
+ if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pwent, username))) {
DEBUG(0, ("could not create account to add new user %s\n", username));
return -1;
}