svn commit: samba r24080 - in branches/SAMBA_4_0/source: librpc/idl
rpc_server/samr torture/rpc
abartlet at samba.org
abartlet at samba.org
Mon Jul 30 10:30:43 GMT 2007
Author: abartlet
Date: 2007-07-30 10:30:34 +0000 (Mon, 30 Jul 2007)
New Revision: 24080
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24080
Log:
Set the primary group (matching windows) when creating new users in
SAMR. This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.
As noted in bug #4829.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/librpc/idl/security.idl
branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
branches/SAMBA_4_0/source/torture/rpc/samr.c
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/security.idl
===================================================================
--- branches/SAMBA_4_0/source/librpc/idl/security.idl 2007-07-30 10:30:19 UTC (rev 24079)
+++ branches/SAMBA_4_0/source/librpc/idl/security.idl 2007-07-30 10:30:34 UTC (rev 24080)
@@ -170,6 +170,7 @@
const int DOMAIN_RID_GUEST = 501;
const int DOMAIN_RID_ADMINS = 512;
const int DOMAIN_RID_USERS = 513;
+ const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
const int DOMAIN_RID_DCS = 516;
const int DOMAIN_RID_CERT_ADMINS = 517;
const int DOMAIN_RID_SCHEMA_ADMINS = 518;
Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:30:19 UTC (rev 24079)
+++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:30:34 UTC (rev 24080)
@@ -1269,6 +1269,7 @@
cn_name[cn_name_len - 1] = '\0';
container = "CN=Computers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS);
} else if (r->in.acct_flags == ACB_SVRTRUST) {
if (cn_name[cn_name_len - 1] != '$') {
@@ -1277,6 +1278,7 @@
cn_name[cn_name_len - 1] = '\0';
container = "OU=Domain Controllers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS);
} else if (r->in.acct_flags == ACB_DOMTRUST) {
container = "CN=Users";
Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samr.c 2007-07-30 10:30:19 UTC (rev 24079)
+++ branches/SAMBA_4_0/source/torture/rpc/samr.c 2007-07-30 10:30:34 UTC (rev 24080)
@@ -2513,7 +2513,7 @@
if (NT_STATUS_IS_OK(status)) {
q.in.user_handle = &user_handle;
- q.in.level = 16;
+ q.in.level = 5;
status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
@@ -2521,11 +2521,34 @@
q.in.level, nt_errstr(status));
ret = False;
} else {
- if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
- printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
- q.out.info->info16.acct_flags,
+ if ((q.out.info->info5.acct_flags & acct_flags) != acct_flags) {
+ printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ q.out.info->info5.acct_flags,
acct_flags);
ret = False;
+ }
+ switch (acct_flags) {
+ case ACB_SVRTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) {
+ printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DCS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
+ case ACB_WSTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
+ printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
+ case ACB_NORMAL:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) {
+ printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_USERS, q.out.info->info5.primary_gid);
+ ret = False;
+ }
+ break;
}
}
More information about the samba-cvs
mailing list