[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0pre2-17-gb3a68b8

Karolin Seeger kseeger at samba.org
Thu Jun 11 08:00:41 GMT 2009


The branch, v3-4-stable has been updated
       via  b3a68b86b9e8a9b66fe540269c4abe9b5a71ab6b (commit)
       via  6c50b256262fd2f17a9aff44a42f97c2cbd5decd (commit)
       via  6af23dc0cc65bb91eb7b0c7e3b9ebd9bb4081552 (commit)
       via  fb31ca23e227385efcbd6a3e6fc737d5ff7cd2af (commit)
       via  b00d1f5f96883fd5429889f6472f212a84b8699b (commit)
       via  c757a2be81b82d3ecc4f31e13a6dcc407a5d5882 (commit)
       via  5f02e51a230bb8ab81d9bf7bfcd99334c82172ca (commit)
       via  784f18192ed30fb702c0f3797e15230a998072e2 (commit)
       via  ebbfa4ea102aa969b80a2c724bf6e8fe465865ca (commit)
       via  f053261c3f37ea80fd82110a9981bde57f03ee8a (commit)
       via  fb2cf8bde2527acd135b13d1aee83cd4086fa35e (commit)
       via  16a863322a740284db9f861f1a2fc3f1314d568b (commit)
       via  80c52c15b5ba3ea2641a50b4e5b86580d2d75e0e (commit)
       via  0e02eab5f63ead8296ba66260f6f204f0dc22fc2 (commit)
       via  3b8f3604d694c0407fedf5d0d184e00cb69b674f (commit)
       via  a9ea84a9db7ff3846b3960667255cc1281151983 (commit)
       via  5f90912c858d0b250e60bdb48288ac1635228eca (commit)
      from  491c57da747527dc3c5638a007689b0b04645fb9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable


- Log -----------------------------------------------------------------
commit b3a68b86b9e8a9b66fe540269c4abe9b5a71ab6b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jun 11 09:58:57 2009 +0200

    WHATSNEW: Update changes since 3.4.0pre2.
    
    Karolin
    (cherry picked from commit 524b090b12c51ad2748e2b635144c9d0fa89c350)

commit 6c50b256262fd2f17a9aff44a42f97c2cbd5decd
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jun 11 09:35:48 2009 +0200

    VERSION: Raise version number up to 3.4.0rc1.
    
    Karolin
    (cherry picked from commit 0f68bd945ff797ffaa3fcc3a5722a4bc17639276)

commit 6af23dc0cc65bb91eb7b0c7e3b9ebd9bb4081552
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 9 15:41:44 2009 +0200

    s3-net: fix "net ads testjoin".
    
    This always needs to use machine account credentials.
    Fixes bug #6456.
    
    Kai, please check.
    
    Guenther
    
    Signed-off-by: Kai Blin <kai at samba.org>
    (cherry picked from commit f1d8ffab15d339f485b4cb2062167db026537b1f)

commit fb31ca23e227385efcbd6a3e6fc737d5ff7cd2af
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Jun 10 08:39:35 2009 +0200

    s3/docs: Fix typos.
    
    Fix typos reported by OPC oota <t-oota [at] dh.jp.nec.com>.
    Thanks!
    
    Karolin
    (cherry picked from commit ad0d8032068fc9b920e205d3f5f923174101d777)
    (cherry picked from commit b7d54f443ade79d3f2b71aa138fd5254754bb750)

commit b00d1f5f96883fd5429889f6472f212a84b8699b
Author: Günther Deschner <gd at samba.org>
Date:   Fri May 29 18:08:02 2009 +0200

    s3-passdb: fix uninitialized variable in local_password_change().
    
    Guenther
    (cherry picked from commit ac1ee43a2a4efa54d3d236aad8b8d21e6aaf632c)

commit c757a2be81b82d3ecc4f31e13a6dcc407a5d5882
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jun 8 10:05:11 2009 +0200

    Further fix for 6449
    
    Thanks to TAKAHASHI Motonobu <monyo at samba.gr.jp> for reporting!
    (cherry picked from commit 4368df8c839612236951b4f16367ab178c91d42e)

commit 5f02e51a230bb8ab81d9bf7bfcd99334c82172ca
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jun 8 09:45:21 2009 +0200

    Fix bug 6449
    
    Thanks to TAKAHASHI Motonobu <monyo at samba.gr.jp> for reporting!
    (cherry picked from commit 022563dc7efb132293bff4ae9c5e21dcb3e1effc)

commit 784f18192ed30fb702c0f3797e15230a998072e2
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sat Jun 6 15:56:47 2009 +0200

    s3/docs: Fix example.
    
    The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
    This fixes bug #5584.
    Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
    
    Karolin
    (cherry picked from commit 0fee798552038b730b0107540d6cfeb475803555)
    (cherry picked from commit 629e7aa91a33a5428676d8f6eeac19ea9fec14d6)

commit ebbfa4ea102aa969b80a2c724bf6e8fe465865ca
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sat Jun 6 15:10:08 2009 +0200

    s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
    
    This is aimed at bug #6351.
    
    Karolin
    (cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
    (cherry picked from commit c72f75afce0f0ba300ba12ccca61a650a6c1e73b)

commit f053261c3f37ea80fd82110a9981bde57f03ee8a
Author: Karolin Seeger <kseeger at samba.org>
Date:   Fri Jun 5 15:35:05 2009 +0200

    s3/docs: Fix typo.
    
    Karolin
    (cherry picked from commit 613c8acbdd93210b40ec6fa48cbbf297a061b3cc)
    (cherry picked from commit c84f1c7ac9da7e26f28cb233efe45614f0cedea3)

commit fb2cf8bde2527acd135b13d1aee83cd4086fa35e
Author: Björn Jacke <bj at sernet.de>
Date:   Wed Jun 3 17:39:50 2009 +0200

    s3:torture: fix password timestamp checks on NetBSD
    
    The Open Group says:
    
    "The useconds argument [of usleep] must be less than 1,000,000."
    
    NetBSD takes this seriously. A usleep of more than 999999 has no effect.
    (cherry picked from commit b3491df2f9db2c550845243975ddbf0a2f9658e6)
    (cherry picked from commit 50f362e294d5a507d03fd54d1d976f40a935288f)

commit 16a863322a740284db9f861f1a2fc3f1314d568b
Author: Björn Jacke <bj at sernet.de>
Date:   Wed Jun 3 18:03:36 2009 +0200

    s3: correct check for usleep value boundaries
    (cherry picked from commit 7cdad30b9640cc876e8ca59cd67455039107a5df)
    (cherry picked from commit 2e14ccc5c6be9dd7e7b98dc60c89d54ba3772344)

commit 80c52c15b5ba3ea2641a50b4e5b86580d2d75e0e
Author: Simo Sorce <idra at samba.org>
Date:   Sat May 30 10:16:31 2009 -0400

    Make it possible to change machine account sids
    
    Fixes bug #6081
    (cherry picked from commit 9fc13f6a2d02c22f639a1a819e09ebb648faaff7)
    (cherry picked from commit 747068ff4688000287ace009f3dc58e12eefa615)

commit 0e02eab5f63ead8296ba66260f6f204f0dc22fc2
Author: Simo Sorce <idra at samba.org>
Date:   Sat May 16 18:10:39 2009 -0400

    Consolidate user create/delete paths in smbpasswd
    
    This patch changes the way smbpasswd behaves when adding/deleting users.
    smbpasswd now calls pdb_create_user/pdb_delete_user, this means that if
    add/delete user scripts are configured then they are used to create or
    delete unix users as well. If the scripts are not defined the behavior is
    unchanged.
    This also allows using smbpasswd -a/-x with ldapsam:editposix to allow
    automatic creation/deletion of users.
    
    Part 2/2 for bug #6333.
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 64d1b5c4e1efd734176c1ea6e5e564e626128b4f)
    (cherry picked from commit 7086d3164cb897adb23e753294ca78bdfe01d4a5)

commit 3b8f3604d694c0407fedf5d0d184e00cb69b674f
Author: Michael Adam <obnox at samba.org>
Date:   Fri May 29 23:48:26 2009 +0200

    s3:pdbedit: fix "format not a string literal and no format arguments" warnings
    
    Michael
    (cherry picked from commit 2b68fb7cb4ab5b76028c54ef163badd2952fe0c0)
    (cherry picked from commit 138b037c437ad27466646beb33e1922b6d18ef8c)

commit a9ea84a9db7ff3846b3960667255cc1281151983
Author: Simo Sorce <idra at samba.org>
Date:   Sat May 16 20:36:28 2009 -0400

    Consolidate create/delete account paths in pdbedit
    
    Use common paths like for smbpasswd, so that all utilities
    behave the same way. As for smbpasswd this changes the behavior
    of pdbedit to create/delete unix users if the add/delete user
    scripts are provided, or ldapsam:editposix is configured.
    
    Part 1/2 for bug #6333.
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f48e39540c9767e9077e7534a6d410b4ce597c86)
    (cherry picked from commit 8191fe96c6a5ba57ffc94d7cc54693d6eb2967f5)

commit 5f90912c858d0b250e60bdb48288ac1635228eca
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Apr 5 17:01:57 2009 +0200

    Remove a silly check
    
    This does not increase security, and if later error messages suck, we have to
    fix those.
    (cherry picked from commit e5c7df34f2d461b0f348fc1b40275a97d918ed9e)
    (cherry picked from commit 291a3e79ba26b1c0e00bf929337d6251c8929e05)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                    |   28 +-
 docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml     |    4 +-
 docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml           |    6 +-
 docs-xml/smbdotconf/protocol/unixextensions.xml |    4 +-
 source3/VERSION                                 |    4 +-
 source3/include/proto.h                         |    2 +-
 source3/lib/system.c                            |    2 +-
 source3/param/loadparm.c                        |    5 +
 source3/passdb/passdb.c                         |  326 ++++++-----
 source3/passdb/pdb_interface.c                  |    4 +-
 source3/utils/net_ads.c                         |    1 +
 source3/utils/net_rap.c                         |    4 +-
 source3/utils/pdbedit.c                         |  722 ++++++++++++++---------
 source3/utils/smbpasswd.c                       |   42 +-
 source4/torture/rpc/samr.c                      |    2 +-
 15 files changed, 693 insertions(+), 463 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 35e52c5..02f33f3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,10 @@
-                   =================================
-                   Release Notes for Samba 3.4.0pre2
-			    June 02, 2009
-                   =================================
+                   ================================
+                   Release Notes for Samba 3.4.0rc1
+			    June 17, 2009
+                   ================================
 
 
-This is the second preview release of Samba 3.4.  This is *not*
+This is the first release candidate of Samba 3.4.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -240,6 +240,24 @@ o   Jelmer Vernooij <jelmer at samba.org>
     * Move common libraries to the shared lib/ directory.
 
 
+Changes since 3.4.0pre2
+-----------------------
+
+
+o   Günther Deschner <gd at samba.org>
+    * BUG 5456: Fix "net ads testjoin".
+    * BUG 6458: Fix uninitialized variable in local_password_change().
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 6449: 'net rap user add' crashes without -C option.
+
+
+o   Simo Sorce <idra at samba.org>
+    * BUG 6081: Make it possible to change machine account sids.
+    * BUG 6333: Consolidate create/delete account paths in pdbedit.
+
+
 Changes since 3.4.0pre1
 -----------------------
 
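Review bot: the "BUG 5456" entry for "net ads testjoin" under Günther Deschner does not match the commit message for that fix, which says it fixes bug #6456; one of the two numbers is a typo and should be corrected before the release notes ship. The same list gives BUG 6458 for the local_password_change() fix although that commit message names no bug number, and the BUG 6333 line mentions only pdbedit while the smbpasswd consolidation is part 2/2 of the same bug, so each number and description is worth cross-checking against the bug tracker.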
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
index ff25525..517bb0f 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
@@ -1214,7 +1214,7 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
 <smbconfoption name="ldap user suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap group suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
 <smbconfoption name="ldap ssl">no</smbconfoption>
 <smbconfoption name="ldap passwd sync">Yes</smbconfoption>
 <smbconfoption name="idmap uid">15000-20000</smbconfoption>
@@ -1281,7 +1281,7 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
 <smbconfoption name="ldap user suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap group suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
 <smbconfoption name="ldap ssl">no</smbconfoption>
 <smbconfoption name="ldap passwd sync">Yes</smbconfoption>
 <smbconfoption name="idmap uid">15000-20000</smbconfoption>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
index d37edbe..451af57 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
@@ -306,7 +306,7 @@ many SSO solutions are an administrative nightmare.
 <indexterm><primary>SSO</primary></indexterm>
 SSO implementations utilize centralization of all user account information. Depending on environmental
 complexity and the age of the systems over which a SSO solution is implemented, it may not be possible to
-change the solution architecture so as to accomodate a new identity management and user authentication system.
+change the solution architecture so as to accommodate a new identity management and user authentication system.
 Many SSO solutions involving legacy systems consist of a new super-structure that handles authentication on
 behalf of the user. The software that gets layered over the old system may simply implement a proxy
 authentication system. This means that the addition of SSO increases over-all information systems complexity.
@@ -375,8 +375,8 @@ that share live services. The Liberty Alliance, an industry group formed to prom
 standards, has adopted SAML 1.1 as part of its application framework. Microsoft and IBM have proposed an
 alternative specification called WS-Security. Some believe that the competing technologies and methods may
 converge when the SAML 2.0 standard is introduced. A few Web access-management products support SAML today,
-but implemention of the technology mostly requires customization to integrate applications and develop user
-interfaces. In a nust-shell, that is why FIM is a big and growing industry.
+but implementation of the technology mostly requires customization to integrate applications and develop user
+interfaces. In a nutshell, that is why FIM is a big and growing industry.
 </para>
 
 <para>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index 5b4a36a..da9ad10 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -4,8 +4,8 @@
                  advanced="1" developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
  <description>
-    <para>This boolean parameter controls whether Samba 
-    implments the CIFS UNIX extensions, as defined by HP. 
+    <para>This boolean parameter controls whether Samba
+    implements the CIFS UNIX extensions, as defined by HP.
     These extensions enable Samba to better serve UNIX CIFS clients
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
diff --git a/source3/VERSION b/source3/VERSION
index dbbe6cb..a389343 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -46,7 +46,7 @@ SAMBA_VERSION_REVISION=
 # e.g. SAMBA_VERSION_PRE_RELEASE=1                     #
 #  ->  "2.2.9pre1"                                     #
 ########################################################
-SAMBA_VERSION_PRE_RELEASE=2
+SAMBA_VERSION_PRE_RELEASE=
 
 ########################################################
 # For 'rc' releases the version will be                #
@@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE=2
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=
+SAMBA_VERSION_RC_RELEASE=1
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a7ef216..b5c0608 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4353,7 +4353,7 @@ enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp);
 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val);
 int lp_min_receive_file_size(void);
 char* lp_perfcount_module(void);
-
+void lp_set_passdb_backend(const char *backend);
 
 /* The following definitions come from param/util.c  */
 
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 10b55f6..e815766 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -94,7 +94,7 @@ int sys_usleep(long usecs)
 	 * is not SPEC1170 complient... grumble... JRA.
 	 */
 
-	if(usecs < 0 || usecs > 1000000) {
+	if(usecs < 0 || usecs > 999999) {
 		errno = EINVAL;
 		return -1;
 	}
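Review bot: at the changed test `usecs > 999999`, a caller that passes exactly 1000000 now gets -1 with errno set to EINVAL and does not sleep at all, so every sys_usleep() caller that relied on a one-second sleep needs to be checked, and any caller that ignores the return value silently loses its delay. A named constant, or writing the test as `usecs >= 1000000`, would tie the limit to the "must be less than 1,000,000" wording more clearly than the bare 999999.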
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index faffb8e..553938f 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9736,3 +9736,8 @@ const char *lp_socket_address(void)
 	}
 	return  Globals.szSocketAddress;
 }
+
+void lp_set_passdb_backend(const char *backend)
+{
+	string_set(&Globals.szPassdbBackend, backend);
+}
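Review bot: lp_set_passdb_backend() discards whatever string_set() returns and is itself void, so a failed update of Globals.szPassdbBackend cannot be detected by the caller, and a NULL backend is passed straight through without a check. Consider returning the result to the caller and adding a short comment that says who is expected to call this setter and when, since it overrides a global parameter at run time.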
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index fd715d2..aad16da 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -626,7 +626,14 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
 }
 
 /*************************************************************
- Change a password entry in the local smbpasswd file.
+ Change a password entry in the local passdb backend.
+
+ Assumptions:
+  - always called as root
+  - ignores the account type except when adding a new account
+  - will create/delete the unix account if the relative
+    add/delete user script is configured
+
  *************************************************************/
 
 NTSTATUS local_password_change(const char *user_name,
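Review bot: the new "always called as root" assumption in the header comment is only documented, not enforced, and the next hunk removes the become_root()/unbecome_root() pair that used to wrap pdb_getsampwnam(). Since this function can now create and delete accounts through pdb_create_user()/pdb_delete_user(), either check the effective uid at the top and fail early, or name the expected callers in the comment so that a future caller without root does not get a confusing backend error. "the relative add/delete user script" probably wants to read "the relevant add/delete user script".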
@@ -635,133 +642,135 @@ NTSTATUS local_password_change(const char *user_name,
 				char **pp_err_str,
 				char **pp_msg_str)
 {
-	struct samu *sam_pass=NULL;
-	uint32 other_acb;
+	TALLOC_CTX *tosctx;
+	struct samu *sam_pass;
+	uint32_t acb;
+	uint32_t rid;
 	NTSTATUS result;
+	bool user_exists;
+	int ret = -1;
 
 	*pp_err_str = NULL;
 	*pp_msg_str = NULL;
 
-	/* Get the smb passwd entry for this user */
-
-	if ( !(sam_pass = samu_new( NULL )) ) {
+	tosctx = talloc_tos();
+	if (!tosctx) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	become_root();
-	if(!pdb_getsampwnam(sam_pass, user_name)) {
-		unbecome_root();
-		TALLOC_FREE(sam_pass);
-
-		if ((local_flags & LOCAL_ADD_USER) || (local_flags & LOCAL_DELETE_USER)) {
-			int tmp_debug = DEBUGLEVEL;
-			struct passwd *pwd;
-
-			/* Might not exist in /etc/passwd. */
-
-			if (tmp_debug < 1) {
-				DEBUGLEVEL = 1;
-			}
+	sam_pass = samu_new(tosctx);
+	if (!sam_pass) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
 
-			if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), user_name)) ) {
-				return NT_STATUS_NO_SUCH_USER;
+	/* Get the smb passwd entry for this user */
+	user_exists = pdb_getsampwnam(sam_pass, user_name);
+
+	/* Check delete first, we don't need to do anything else if we
+	 * are going to delete the acocunt */
+	if (user_exists && (local_flags & LOCAL_DELETE_USER)) {
+
+		result = pdb_delete_user(tosctx, sam_pass);
+		if (!NT_STATUS_IS_OK(result)) {
+			ret = asprintf(pp_err_str,
+					"Failed to delete entry for user %s.\n",
+					user_name);
+			if (ret < 0) {
+				*pp_err_str = NULL;
 			}
-
-			/* create the struct samu and initialize the basic Unix properties */
-
-			if ( !(sam_pass = samu_new( NULL )) ) {
-				return NT_STATUS_NO_MEMORY;
+			result = NT_STATUS_UNSUCCESSFUL;
+		} else {
+			ret = asprintf(pp_msg_str,
+					"Deleted user %s.\n",
+					user_name);
+			if (ret < 0) {
+				*pp_msg_str = NULL;
 			}
+		}
+		goto done;
+	}
 
-			result = samu_set_unix( sam_pass, pwd );
-
-			DEBUGLEVEL = tmp_debug;
+	if (user_exists && (local_flags & LOCAL_ADD_USER)) {
+		/* the entry already existed */
+		local_flags &= ~LOCAL_ADD_USER;
+	}
 
-			TALLOC_FREE( pwd );
+	if (!user_exists && !(local_flags & LOCAL_ADD_USER)) {
+		ret = asprintf(pp_err_str,
+				"Failed to find entry for user %s.\n",
+				user_name);
+		if (ret < 0) {
+			*pp_err_str = NULL;
+		}
+		result = NT_STATUS_NO_SUCH_USER;
+		goto done;
+	}
 
-			if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PRIMARY_GROUP)) {
-				return result;
-			}
+	/* First thing add the new user if we are required to do so */
+	if (local_flags & LOCAL_ADD_USER) {
 
-			if (!NT_STATUS_IS_OK(result)) {
-				if (asprintf(pp_err_str, "Failed to " "initialize account for user %s: %s\n",
-						user_name, nt_errstr(result)) < 0) {
-					*pp_err_str = NULL;
-				}
-				return result;
-			}
+		if (local_flags & LOCAL_TRUST_ACCOUNT) {
+			acb = ACB_WSTRUST;
+		} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+			acb = ACB_DOMTRUST;
 		} else {
-			if (asprintf(pp_err_str, "Failed to find entry for user %s.\n", user_name) < 0) {
-				*pp_err_str = NULL;
-			}
-			return NT_STATUS_NO_SUCH_USER;
+			acb = ACB_NORMAL;
 		}
-	} else {
-		unbecome_root();
-		/* the entry already existed */
-		local_flags &= ~LOCAL_ADD_USER;
-	}
 
-	/* the 'other' acb bits not being changed here */
-	other_acb =  (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
-	if (local_flags & LOCAL_TRUST_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
-			if (asprintf(pp_err_str, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name) < 0) {
+		result = pdb_create_user(tosctx, user_name, acb, &rid);
+		if (!NT_STATUS_IS_OK(result)) {
+			ret = asprintf(pp_err_str,
+					"Failed to add entry for user %s.\n",
+					user_name);
+			if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
 		}
-	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to set 'domain trust account' flags for user %s.\n", user_name) < 0) {
-				*pp_err_str = NULL;
-			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+
+		sam_pass = samu_new(tosctx);
+		if (!sam_pass) {
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
 		}
-	} else {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to set 'normal account' flags for user %s.\n", user_name) < 0) {
+
+		/* Now get back the smb passwd entry for this new user */
+		user_exists = pdb_getsampwnam(sam_pass, user_name);
+		if (!user_exists) {
+			ret = asprintf(pp_err_str,
+					"Failed to add entry for user %s.\n",
+					user_name);
+			if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
 		}
 	}
 
+	acb = pdb_get_acct_ctrl(sam_pass);
+
 	/*
 	 * We are root - just write the new password
 	 * and the valid last change time.
 	 */
-
-	if (local_flags & LOCAL_DISABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to set 'disabled' flag for user %s.\n", user_name) < 0) {
-				*pp_err_str = NULL;
-			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
-		}
-	} else if (local_flags & LOCAL_ENABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name) < 0) {
+	if ((local_flags & LOCAL_SET_NO_PASSWORD) && !(acb & ACB_PWNOTREQ)) {
+		acb |= ACB_PWNOTREQ;
+		if (!pdb_set_acct_ctrl(sam_pass, acb, PDB_CHANGED)) {
+			ret = asprintf(pp_err_str,
+					"Failed to set 'no password required' "
+					"flag for user %s.\n", user_name);
+			if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
 		}
 	}
 
-	if (local_flags & LOCAL_SET_NO_PASSWORD) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to set 'no password required' flag for user %s.\n", user_name) < 0) {
-				*pp_err_str = NULL;
-			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
-		}
-	} else if (local_flags & LOCAL_SET_PASSWORD) {
+	if (local_flags & LOCAL_SET_PASSWORD) {
 		/*
 		 * If we're dealing with setting a completely empty user account
 		 * ie. One with a password of 'XXXX', but not set disabled (like
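Review bot: LOCAL_SET_NO_PASSWORD and LOCAL_SET_PASSWORD are no longer mutually exclusive: the old `} else if (local_flags & LOCAL_SET_PASSWORD) {` became a separate `if`, so a caller that sets both flags has ACB_PWNOTREQ set here and then cleared again by the password path that follows. If that is intended, say so in the function comment; otherwise keep the else. Two smaller points: the add and delete failure paths overwrite the status returned by pdb_create_user()/pdb_delete_user() with NT_STATUS_UNSUCCESSFUL, which drops the backend's reason (the removed code printed nt_errstr(result) for its initialisation failure), and the first sam_pass is replaced by a second samu_new(tosctx) after pdb_create_user() without being freed. The comment typo "acocunt" should be "account".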
@@ -771,83 +780,106 @@ NTSTATUS local_password_change(const char *user_name,
 		 * and the decision hasn't really been made to disable them (ie.
 		 * don't create them disabled). JRA.
 		 */
-		if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
-			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
-				if (asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name) < 0) {
+		if ((pdb_get_lanman_passwd(sam_pass) == NULL) &&
+		    (acb & ACB_DISABLED)) {
+			acb &= (~ACB_DISABLED);
+			if (!pdb_set_acct_ctrl(sam_pass, acb, PDB_CHANGED)) {
+				ret = asprintf(pp_err_str,
+						"Failed to unset 'disabled' "
+						"flag for user %s.\n",
+						user_name);
+				if (ret < 0) {
 					*pp_err_str = NULL;
 				}
-				TALLOC_FREE(sam_pass);
-				return NT_STATUS_UNSUCCESSFUL;
-			}
-		}
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
-			if (asprintf(pp_err_str, "Failed to unset 'no password required' flag for user %s.\n", user_name) < 0) {
-				*pp_err_str = NULL;
+				result = NT_STATUS_UNSUCCESSFUL;
+				goto done;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
 		}
 
-		if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
-			if (asprintf(pp_err_str, "Failed to set password for user %s.\n", user_name) < 0) {
+		acb &= (~ACB_PWNOTREQ);
+		if (!pdb_set_acct_ctrl(sam_pass, acb, PDB_CHANGED)) {
+			ret = asprintf(pp_err_str,
+					"Failed to unset 'no password required'"
+					" flag for user %s.\n", user_name);
+			if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
 		}
-	}	
 
-	if (local_flags & LOCAL_ADD_USER) {
-		if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) {
-			if (asprintf(pp_msg_str, "Added user %s.\n", user_name) < 0) {
-				*pp_msg_str = NULL;
-			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_OK;
-		} else {
-			if (asprintf(pp_err_str, "Failed to add entry for user %s.\n", user_name) < 0) {
+		if (!pdb_set_plaintext_passwd(sam_pass, new_passwd)) {
+			ret = asprintf(pp_err_str,
+					"Failed to set password for "
+					"user %s.\n", user_name);
+				if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
 		}
-	} else if (local_flags & LOCAL_DELETE_USER) {
-		if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) {
-			if (asprintf(pp_err_str, "Failed to delete entry for user %s.\n", user_name) < 0) {
+	}
+
+	if ((local_flags & LOCAL_DISABLE_USER) && !(acb & ACB_DISABLED)) {
+		acb |= ACB_DISABLED;
+		if (!pdb_set_acct_ctrl(sam_pass, acb, PDB_CHANGED)) {
+			ret = asprintf(pp_err_str,
+					"Failed to set 'disabled' flag for "
+					"user %s.\n", user_name);
+			if (ret < 0) {
 				*pp_err_str = NULL;
 			}
-			TALLOC_FREE(sam_pass);
-			return NT_STATUS_UNSUCCESSFUL;
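Review bot: the LOCAL_DISABLE_USER block now runs after the LOCAL_SET_PASSWORD block, whereas the removed code handled disable/enable before setting the password, so with both flags set the account now ends up disabled even when the password path has just cleared ACB_DISABLED; that ordering change deserves a line in the function comment or the commit message. Also, the `if (ret < 0) {` that follows the "Failed to set password for" asprintf() is indented one level too deep.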


-- 
Samba Shared Repository

