summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-06-14 00:49:02 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-06-14 00:49:02 +0000
commitb85664047c188126e3ba06862198c1acd4f218ac (patch)
treed04ccddd4370fddc7b98dc8d6d7aebd613900049
parent292a51eda152f5e1885f38f3a811e956560f33f0 (diff)
downloadsamba-b85664047c188126e3ba06862198c1acd4f218ac.tar.gz
samba-b85664047c188126e3ba06862198c1acd4f218ac.tar.xz
samba-b85664047c188126e3ba06862198c1acd4f218ac.zip
This patch modifies 'net rpc vampire' to add new and existing users to both
the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
-rw-r--r--source3/utils/net.c4
-rw-r--r--source3/utils/net_rpc_samsync.c59
2 files changed, 43 insertions, 20 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c
index a18d3e4285c..d8f3264840f 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -710,6 +710,10 @@ static struct functable net_func[] = {
exit(1);
load_interfaces();
+
+ /* this makes sure that when we do things like call scripts,
+ that it won't assert becouse we are not root */
+ sec_init();
if (opt_machine_pass) {
char *user = NULL;
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index ae6f52ebc41..e911fbce55b 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -410,7 +410,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
GROUP_MAP map;
struct group *grp;
DOM_SID sid;
- BOOL try_add = False;
+ struct passwd *passwd;
+ unid_t id;
+ int u_type;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
d_printf("Creating account: %s\n", account);
@@ -418,7 +420,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account)))
return nt_ret;
- if (!pdb_getsampwnam(sam_account, account)) {
+ if (!(passwd = Get_Pwnam(account))) {
/* Create appropriate user */
if (delta->acb_info & ACB_NORMAL) {
pstrcpy(add_script, lp_adduser_script());
@@ -429,8 +431,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
} else {
DEBUG(1, ("Unknown user type: %s\n",
smbpasswd_encode_acb_info(delta->acb_info)));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_USER;
}
if (*add_script) {
int add_ret;
@@ -439,22 +439,22 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
add_ret = smbrun(add_script,NULL);
DEBUG(1,("fetch_account: Running the command `%s' "
"gave %d\n", add_script, add_ret));
- }
- try_add = True;
+ /* try and find the possible unix account again */
+ passwd = Get_Pwnam(account);
+ }
}
sam_account_from_delta(sam_account, delta);
-
- if (try_add) {
- if (!pdb_add_sam_account(sam_account)) {
- DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
- account));
- }
- } else {
+ if (!pdb_add_sam_account(sam_account)) {
+ DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
+ account));
if (!pdb_update_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
account));
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_OK;
+/* return NT_STATUS_ACCESS_DENIED; */
}
}
@@ -466,18 +466,37 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
pdb_free_sam(&sam_account);
return NT_STATUS_NO_SUCH_GROUP;
}
-
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
- map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
+
+ if (!passwd) {
+ /* if no unix user, changing the mapping won't help */
pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_GROUP;
+ return NT_STATUS_OK;
+ }
+
+ if (map.gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map.gid))) {
+ DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
+ map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
+ pdb_free_sam(&sam_account);
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
+ }
+
+ nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
+ if (!NT_STATUS_IS_OK(nt_ret)) {
+ pdb_free_sam(&sam_account);
+ return nt_ret;
}
- smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
+ if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) {
+ id.uid = passwd->pw_uid;
+ nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
+ }
pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
+ return nt_ret;
}
static NTSTATUS