mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

fixes for 'net rpc vampire'. I can now take a blank Samba host

and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)

removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3)
Gerald Carter 2003-07-16 02:20:53 +00:00
parent 6b814c9908
commit a84270ce11
5 changed files with 47 additions and 66 deletions


@ -714,8 +714,10 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
int ret;
int fd = 0;
int ret = -1;
int fd = 0;
*new_gid = 0;
/* defer to scripts */
@ -734,22 +736,9 @@ int smb_create_group(char *unix_group, gid_t *new_gid)
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
close(fd);
if (*new_gid == 0) {
/* The output was garbage. We assume nobody
will create group 0 via smbd. Now we try to
get the group via getgrnam. */
struct group *grp = getgrnam(unix_group);
if (grp != NULL)
*new_gid = grp->gr_gid;
else
return 1;
}
}
return 0;
}
/* Try winbindd */
@ -757,10 +746,17 @@ int smb_create_group(char *unix_group, gid_t *new_gid)
if ( winbind_create_group( unix_group, NULL ) ) {
DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
unix_group));
return 0;
ret = 0;
}
if (*new_gid == 0) {
struct group *grp = getgrnam(unix_group);
if (grp != NULL)
*new_gid = grp->gr_gid;
}
return -1;
return ret;
}
/****************************************************************************
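Review bot: The new tail of smb_create_group can report success while `*new_gid` is still 0: after `ret = 0;` in the winbindd branch, a NULL from `getgrnam(unix_group)` leaves the gid untouched and `return ret;` returns 0. The removed script-path code treated that case as a failure (`return 1`), and gid 0 is the root group, so a caller that trusts the return value could end up using it. Failing closed keeps the old guarantee: `if (grp != NULL) *new_gid = grp->gr_gid; else ret = -1;`. Also, `output` is handed to `strtoul` straight after `read(fd, output, sizeof(output))` with no terminator written in the visible lines; reading `sizeof(output) - 1` bytes and NUL-terminating the buffer would bound the parse. The function starts before the first hunk, so how `ret` is set on the script path is not visible here.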


@ -315,6 +315,9 @@ BOOL winbind_create_user( const char *name, uint32 *rid )
DEBUG(10,("winbind_create_user: %s\n", name));
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* see if the caller wants a new RID returned */
if ( rid )
@ -323,8 +326,6 @@ BOOL winbind_create_user( const char *name, uint32 *rid )
fstrcpy( request.data.acct_mgt.username, name );
fstrcpy( request.data.acct_mgt.groupname, "" );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
if ( rid )
@ -351,6 +352,9 @@ BOOL winbind_create_group( const char *name, uint32 *rid )
DEBUG(10,("winbind_create_group: %s\n", name));
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* see if the caller wants a new RID returned */
if ( rid )
@ -358,7 +362,6 @@ BOOL winbind_create_group( const char *name, uint32 *rid )
fstrcpy( request.data.acct_mgt.groupname, name );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
@ -384,14 +387,15 @@ BOOL winbind_add_user_to_group( const char *user, const char *group )
if ( !user || !group )
return False;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
@ -413,12 +417,12 @@ BOOL winbind_remove_user_from_group( const char *user, const char *group )
if ( !user || !group )
return False;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
@ -442,14 +446,15 @@ BOOL winbind_set_user_primary_group( const char *user, const char *group )
if ( !user || !group )
return False;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
@ -472,12 +477,13 @@ BOOL winbind_delete_user( const char *user )
if ( !user )
return False;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
DEBUG(10,("winbind_delete_user: user (%s)\n", user));
fstrcpy( request.data.acct_mgt.username, user );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
return result == NSS_STATUS_SUCCESS;
@ -499,12 +505,13 @@ BOOL winbind_delete_group( const char *group )
if ( !group )
return False;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
DEBUG(10,("winbind_delete_group: group (%s)\n", group));
fstrcpy( request.data.acct_mgt.groupname, group );
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
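Review bot: These account-management wrappers copy caller-supplied names into the fixed-size `request.data.acct_mgt.username` and `groupname` fields with `fstrcpy` and never check the length first. If `fstrcpy` truncates here as it does elsewhere in Samba, an over-long name is shortened silently and the request (including `WINBINDD_DELETE_USER` and `WINBINDD_ADD_USER_TO_GROUP`) is issued for whatever the truncated string names. A guard next to the existing NULL checks, for example `if ( strlen(user) >= sizeof(request.data.acct_mgt.username) ) return False;`, would reject such input instead. Separately, with `ZERO_STRUCT(request)` now at the top of winbind_create_user, the `fstrcpy( request.data.acct_mgt.groupname, "" );` line is redundant. All of these function bodies start and end outside the hunks shown.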


@ -883,9 +883,6 @@ int main(int argc, char **argv)
if (!idmap_init(lp_idmap_backend()))
return 1;
if (!idmap_init_wellknown_sids())
exit(1);
/* Unblock all signals we are interested in as they may have been
blocked by the parent process. */


@ -1053,9 +1053,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
struct passwd *unix_pw;
BOOL ret;
winbind_off();
unix_pw = sys_getpwuid( uid );
winbind_on();
if ( !unix_pw ) {
DEBUG(4,("local_uid_to_sid: host has know idea of uid %d\n", uid));
@ -1114,8 +1112,6 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
return False;
}
/* lookup the user account */
if ( !NT_STATUS_IS_OK(pdb_init_sam(&sampw)) ) {
@ -1134,9 +1130,7 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
user_name = pdb_get_username(sampw);
winbind_off();
unix_pw = sys_getpwnam( user_name );
winbind_on();
if ( !unix_pw ) {
DEBUG(0,("local_sid_to_uid: %s found in passdb but getpwnam() return NULL!\n",


@ -412,8 +412,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
DOM_SID user_sid;
DOM_SID group_sid;
struct passwd *passwd;
unid_t id;
int u_type = ID_USERID | ID_QUERY_ONLY;
fstring sid_string;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
@ -497,19 +495,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
}
}
if (!passwd) {
DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account)));
/* if no unix user, changing the mapping won't help */
} else {
nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) {
} else {
/* set mapping */
id.uid = passwd->pw_uid;
nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
}
if ( !passwd ) {
DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
pdb_get_username(sam_account)));
}
pdb_free_sam(&sam_account);
@ -536,21 +524,25 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
sid_to_string(sid_string, &group_sid);
if (pdb_getgrsid(&map, group_sid)) {
grp = getgrgid(map.gid);
if ( map.gid != -1 )
grp = getgrgid(map.gid);
insert = False;
}
if (grp == NULL)
{
if (grp == NULL) {
gid_t gid;
/* No group found from mapping, find it from its name. */
if ((grp = getgrnam(name)) == NULL) {
/* No appropriate group found, create one */
d_printf("Creating unix group: '%s'\n", name);
if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
if ((grp = getgrgid(gid)) == NULL)
if ((grp = getgrnam(name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
}
}
@ -997,11 +989,6 @@ int rpc_vampire(int argc, const char **argv)
ZERO_STRUCT(ret_creds);
if (!idmap_init(lp_idmap_backend())) {
d_printf("Could not init idmap\n");
return -1;
}
/* Connect to remote machine */
if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
NET_FLAGS_PDC))) {
@ -1027,7 +1014,7 @@ int rpc_vampire(int argc, const char **argv)
goto fail;
}
dom_sid = *get_global_sam_sid();
sid_copy( &dom_sid, get_global_sam_sid() );
result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid);
if (!NT_STATUS_IS_OK(result)) {
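Review bot: In fetch_group_info the fallback binds the NT group to a Unix group purely by name (`getgrnam(name)` both before and after `smb_create_group`), and `name` presumably comes from the remote SAM delta, so a domain group whose name matches an existing privileged local group would be mapped onto that gid with no check. Rejecting, or at least logging at a high debug level, a result with gid 0 would make this visible, e.g. `if (grp->gr_gid == 0) return NT_STATUS_ACCESS_DENIED;` after the lookup; whether that policy fits depends on code outside the hunk. Two smaller points in the same hunk: `gid` is still filled in by `smb_create_group(name, &gid)` but is no longer read, and `map.gid != -1` compares a gid_t with a signed literal, which reads more clearly as `map.gid != (gid_t)-1`. In fetch_account_info the surviving DEBUG text still says "cannot adjust mappings" although the mapping code was removed. Both function bodies start and end outside the hunks.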