svn commit: samba r17364 - in branches/SAMBA_3_0/source/rpc_server: .

vlendec at samba.org vlendec at samba.org
Tue Aug 1 14:46:09 GMT 2006 

Author: vlendec
Date: 2006-08-01 14:46:08 +0000 (Tue, 01 Aug 2006)
New Revision: 17364

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17364

Log:
Another NT4 join bug: The idealx tools set the primary group sid, and if we do
an update_sam_account later on, we want to also set it using the delete/add
method. As the idealx tools use the replace method, they don't care about what
has been in there before.

Jerry, this is a likely 3.0.23b candidate. Not merging, it's your call :-)

Volker
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2006-08-01 12:45:12 UTC (rev 17363)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2006-08-01 14:46:08 UTC (rev 17364)
@@ -3338,13 +3338,20 @@
 
 	copy_id25_to_sam_passwd(pwd, id25);
  
+	/* write the change out */
+	if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) {
+		TALLOC_FREE(pwd);
+		return status;
+ 	}
+
 	/*
-	 * The funny part about the previous two calls is
-	 * that pwd still has the password hashes from the
-	 * passdb entry.  These have not been updated from
-	 * id21.  I don't know if they need to be set.    --jerry
+	 * We need to "pdb_update_sam_account" before the unix primary group
+	 * is set, because the idealx scripts would also change the
+	 * sambaPrimaryGroupSid using the ldap replace method. pdb_ldap uses
+	 * the delete explicit / add explicit, which would then fail to find
+	 * the previous primaryGroupSid value.
 	 */
- 
+
 	if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) {
 		status = pdb_set_unix_primary_group(mem_ctx, pwd);
 		if ( !NT_STATUS_IS_OK(status) ) {
@@ -3352,16 +3359,6 @@
 		}
 	}
 	
-	/* Don't worry about writing out the user account since the
-	   primary group SID is generated solely from the user's Unix 
-	   primary group. */
-
-	/* write the change out */
-	if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) {
-		TALLOC_FREE(pwd);
-		return status;
- 	}
-
 	/* WARNING: No TALLOC_FREE(pwd), we are about to set the password
 	 * hereafter! */

More information about the samba-cvs mailing list