bug in interplay between SAMR_CREATE_USER and ldapsam
brad at langhorst.com
Fri May 14 02:14:42 GMT 2004
This bug is exposed when a client issues the RPC SAMR_CREATE_USER
this command is routed to the
_samr_create_user function in srv__samr__nt
About half way through the function it correctly calls the add machine
script - which creates a machine account in the ldap store.
after this call succeeds it calls pdb_add_sam_account
which gets routed to ldapsam_add_sam_account
ldapsam_add_sam_account immediately searches the ldap store for the user
it's going to create and returns an NT_STATUS_UNSUCCESSFUL because this
user was added to the ldap store by the add_machine script.
I don't know this code very well so I'm not sure if it is appropriate
for ldapsam_add_sam_account to return NT_STATUS_UNSUCCESSFUL - why not
it doesn't really matter because the struct sitting between the rpc area
and the pdb backends just returns
so all the errors get collapsed into one state and the caller wouldn't
be able do anything different anyway.
Is it reasonable for me to change that struct to return the actual
NT_STATUS code so the RPC code can do something different?
What about just returning NT_STATUS_OK from the user search?
what other code paths care about pre-existing users?
More information about the samba-technical