mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
This patch modifies 'net rpc vampire' to add new and existing users to both
the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
parent
292a51eda1
commit
b85664047c
@ -710,6 +710,10 @@ static struct functable net_func[] = {
|
||||
exit(1);
|
||||
|
||||
load_interfaces();
|
||||
|
||||
/* this makes sure that when we do things like call scripts,
|
||||
that it won't assert becouse we are not root */
|
||||
sec_init();
|
||||
|
||||
if (opt_machine_pass) {
|
||||
char *user = NULL;
|
||||
|
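Review bot: The comment added above `sec_init()` has a typo ("becouse") and does not say what the call does, so the reason it must run before any script is invoked is easy to lose. Suggested wording: `/* sec_init() records the uid/gid we started with, so that later privilege switches (e.g. when running the add-user scripts) do not assert when net is not run as root */`. The enclosing function starts and ends outside the hunk, so I could not check from here whether every path that can run a script passes this point first.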
@ -410,7 +410,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
GROUP_MAP map;
|
||||
struct group *grp;
|
||||
DOM_SID sid;
|
||||
BOOL try_add = False;
|
||||
struct passwd *passwd;
|
||||
unid_t id;
|
||||
int u_type;
|
||||
|
||||
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
|
||||
d_printf("Creating account: %s\n", account);
|
||||
@ -418,7 +420,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account)))
|
||||
return nt_ret;
|
||||
|
||||
if (!pdb_getsampwnam(sam_account, account)) {
|
||||
if (!(passwd = Get_Pwnam(account))) {
|
||||
/* Create appropriate user */
|
||||
if (delta->acb_info & ACB_NORMAL) {
|
||||
pstrcpy(add_script, lp_adduser_script());
|
||||
@ -429,8 +431,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
} else {
|
||||
DEBUG(1, ("Unknown user type: %s\n",
|
||||
smbpasswd_encode_acb_info(delta->acb_info)));
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
if (*add_script) {
|
||||
int add_ret;
|
||||
@ -439,22 +439,22 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
add_ret = smbrun(add_script,NULL);
|
||||
DEBUG(1,("fetch_account: Running the command `%s' "
|
||||
"gave %d\n", add_script, add_ret));
|
||||
}
|
||||
|
||||
try_add = True;
|
||||
/* try and find the possible unix account again */
|
||||
passwd = Get_Pwnam(account);
|
||||
}
|
||||
}
|
||||
|
||||
sam_account_from_delta(sam_account, delta);
|
||||
|
||||
if (try_add) {
|
||||
if (!pdb_add_sam_account(sam_account)) {
|
||||
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
|
||||
account));
|
||||
}
|
||||
} else {
|
||||
if (!pdb_add_sam_account(sam_account)) {
|
||||
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
|
||||
account));
|
||||
if (!pdb_update_sam_account(sam_account)) {
|
||||
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
|
||||
account));
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_OK;
|
||||
/* return NT_STATUS_ACCESS_DENIED; */
|
||||
}
|
||||
}
|
||||
|
||||
@ -466,18 +466,37 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
|
||||
map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
|
||||
|
||||
if (!passwd) {
|
||||
/* if no unix user, changing the mapping won't help */
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (map.gid != passwd->pw_gid) {
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
|
||||
map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
|
||||
}
|
||||
|
||||
nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
|
||||
if (!NT_STATUS_IS_OK(nt_ret)) {
|
||||
pdb_free_sam(&sam_account);
|
||||
return nt_ret;
|
||||
}
|
||||
|
||||
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
|
||||
if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) {
|
||||
id.uid = passwd->pw_uid;
|
||||
nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
|
||||
}
|
||||
|
||||
pdb_free_sam(&sam_account);
|
||||
return NT_STATUS_OK;
|
||||
return nt_ret;
|
||||
}
|
||||
|
||||
static NTSTATUS
|
||||
|
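Review bot: In the `-429,8 +431,6` hunk the "Unknown user type" branch appears to lose its `pdb_free_sam(&sam_account); return NT_STATUS_NO_SUCH_USER;` pair, so control now falls through to `if (*add_script)` without `add_script` having been written on that path. The +/- markers are lost on this page, so this is inferred from the hunk's line counts and the commit message. The declaration of `add_script` is outside the visible hunks; unless it is initialised there, that test reads indeterminate stack data and may hand it to `smbrun()`. Setting `add_script[0] = '\0';` in that else branch (or at the declaration) closes this. Separately, the last hunk overwrites an existing idmap entry whenever `id.uid != passwd->pw_uid`, on a name match from `Get_Pwnam(account)` alone; a `DEBUG` line there recording the SID with the old and new uid would give administrators an audit trail for remapped accounts.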