SV: [Samba] Error with usrmgr and groups.

Sergey Loskutov lsm at tts.magadan.su
Thu May 12 01:19:27 GMT 2005


Joel Larsson, PF, Posten wrote:
> It's exactly the same. Except that I use tdbsam instead of ldap and the error message therefore also is different in the log file. But the example and result is the same. Do you have any idea of workaround or fix?
> 
> Cheers, 
> Joel
> 
> 
> 
> -----Ursprungligt meddelande-----
> Från: Doug Campbell [mailto:doug at bpta.net] 
> Skickat: den 11 maj 2005 10:49
> Till: Joel Larsson, PF, Posten; samba at lists.samba.org
> Ämne: RE: [Samba] Error with usrmgr and groups.
> 
> 
>>I have a problem when using samba together with usrmgr. When adding a
>>global group I get an error message. The group is still created. You
>>can't see before you refresh but that's a minor detail.
> 
> 
> Joel,
> 
> I submitted a bug report on this a month or so back but it is still marked
> as new.  Maybe take a look and see if what I describe there is the same
> problem as you are having (it sounds like it to me).  Here is the link:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=2509
> 
> Doug
> 
> 
> 
> 
>>In the logfiles
>>
>>May 10 17:47:27 lanchester smbd[28424]: [2005/05/10 17:47:27, 0]
>>passdb/pdb_tdb.c:tdbsam_tdbopen(195)
>>
>>May 10 17:47:27 lanchester smbd[28424]:   Unable to open/create TDB
>>passwd
>>
>>May 10 17:47:27 lanchester smbd[28424]: [2005/05/10 17:47:27, 0]
>>passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
>>
>>May 10 17:47:27 lanchester smbd[28424]:   pdb_getsampwrid: Unable to
>>open TDB rid database!
>>
>>
>>
>>
>>
>>Also, when trying to add or remove members of the group the same error
>>message appears in the log file. And the error message in usrmgr is
>>
>>"The user name could not be found." It appears when I try to add or
>>remove more than one user, but sometimes is appears when just adding or
>>removing one user.
>>
>>
>>
>>If I instead click on the user and add a group it works fine 100% of the
>>times.
>>
>>
>>
>>Any ideas what could be wrong? I have tried both 3.0.11 and 3.0.14a but
>>there is no difference.
>>
>>
>>
>>Cheers,
>>
>>Joel
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 
> 
Hello !

Long time ago, i have write patch for fixed more bugs with usrmgr.exe, but
group developer or ignore or has not noticed this. This patch help you and my be 
  you explain developer about this patch... my english is very poor..




-------------- next part --------------
--- srv_samr_nt.c.orig	2005-03-16 09:33:15.394423183 -1000
+++ srv_samr_nt.c	2005-03-17 17:41:13.297259499 -1000
@@ -2865,8 +2865,10 @@
 	 * id21.  I don't know if they need to be set.    --jerry
 	 */
  
-	if (IS_SAM_CHANGED(pwd, PDB_GROUPSID))
-		set_unix_primary_group(pwd);
+	if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) && !set_unix_primary_group(pwd) ) {
+	   pdb_free_sam(&pwd);
+	   return False;
+	}
 
 	/* write the change out */
 	if(!pdb_update_sam_account(pwd)) {
@@ -2933,8 +2935,10 @@
  
 	ZERO_STRUCT(plaintext_buf);
  
-	if (IS_SAM_CHANGED(pwd, PDB_GROUPSID))
-		set_unix_primary_group(pwd);
+	if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) && !set_unix_primary_group(pwd) ) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
 
 	if(!pdb_update_sam_account(pwd)) {
 		pdb_free_sam(&pwd);
@@ -3624,12 +3628,16 @@
 
 	sid_copy(&user_sid, get_global_sam_sid());
 	sid_append_rid(&user_sid, q_u->rid);
-
+	
+        
 	ret = pdb_init_sam(&sam_user);
+	
 	if (!NT_STATUS_IS_OK(ret))
 		return ret;
 	
+	become_root(); 
 	check = pdb_getsampwsid(sam_user, &user_sid);
+	unbecome_root();
 	
 	if (check != True) {
 		pdb_free_sam(&sam_user);
@@ -3708,6 +3716,7 @@
 	uint32 acc_granted;
 	SE_PRIV se_rights;
 	BOOL can_add_accounts;
+	BOOL ret;
 
 	/*
 	 * delete the group member named q_u->rid
@@ -3740,7 +3749,12 @@
 
 	/* check if the user exists before trying to remove it from the group */
 	pdb_init_sam(&sam_pass);
-	if (!pdb_getsampwsid(sam_pass, &user_sid)) {
+	
+	become_root();
+	ret = pdb_getsampwsid(sam_pass, &user_sid);
+	unbecome_root();
+	
+	if (!ret) {
 		DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass)));
 		pdb_free_sam(&sam_pass);
 		return NT_STATUS_NO_SUCH_USER;
@@ -4253,6 +4267,7 @@
 	GROUP_MAP map;
 	GROUP_INFO_CTR *ctr;
 	uint32 acc_granted;
+	BOOL ret;
 
 	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
 		return NT_STATUS_INVALID_HANDLE;
@@ -4276,9 +4291,13 @@
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
 	}
+	
+	become_root();
+	ret = pdb_update_group_mapping_entry(&map);
+	unbecome_root();
 
-	if(!pdb_update_group_mapping_entry(&map)) {
-		return NT_STATUS_NO_SUCH_GROUP;
+	if(!ret) {
+	  return NT_STATUS_NO_SUCH_GROUP;
 	}
 
 	return NT_STATUS_OK;
@@ -4430,6 +4449,7 @@
 	BOOL			is_user = False;
 	NTSTATUS		result;
 	enum SID_NAME_USE	type = SID_NAME_UNKNOWN;
+	BOOL			ret;
 	
 	sid_copy( &delete_sid, &q_u->sid.sid );
 	
@@ -4466,18 +4486,27 @@
 	
 	pdb_init_sam(&sam_pass);
 	
-	if ( pdb_getsampwsid(sam_pass, &delete_sid) ) {
-		is_user = True;
+	become_root();	
+
+	ret = pdb_getsampwsid(sam_pass, &delete_sid);
+	
+	if ( ret ) {
+	  is_user = True;
 	} else {
-		/* maybe it is a group */
-		if( !pdb_getgrsid(&map, delete_sid) ) {
-			DEBUG(3,("_samr_remove_sid_foreign_domain: %s is not a user or a group!\n",
-				sid_string_static(&delete_sid)));
-			result = NT_STATUS_INVALID_SID;
-			goto done;
-		}
+	  /* maybe it is a group */
+	  ret = pdb_getgrsid(&map, delete_sid);
+	}
+
+	unbecome_root();
+	
+	if ( !ret ) {
+		DEBUG(3,("_samr_remove_sid_foreign_domain: %s is not a user or a group!\n",
+			sid_string_static(&delete_sid)));
+		result = NT_STATUS_INVALID_SID;
+		goto done;
 	}
 	
+	
 	/* we can only delete a user from a group since we don't have 
 	   nested groups anyways.  So in the latter case, just say OK */
 	   
@@ -4486,7 +4515,10 @@
 		int		num_groups, i;
 		struct group	*grp2;
 		
-		if ( pdb_enum_group_mapping(type, &mappings, &num_groups, False) && num_groups>0 ) {
+		become_root();
+		ret = pdb_enum_group_mapping(type, &mappings, &num_groups, False);
+		unbecome_root();
+		if ( ret && num_groups>0 ) {
 		
 			/* interate over the groups */
 			for ( i=0; i<num_groups; i++ ) {


More information about the samba mailing list