int smb_create_group(char *unix_group, gid_t *new_gid)
{
pstring add_script;
- int ret;
- int fd = 0;
+ int ret = -1;
+ int fd = 0;
+
+ *new_gid = 0;
/* defer to scripts */
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
+
close(fd);
-
- if (*new_gid == 0) {
- /* The output was garbage. We assume nobody
- will create group 0 via smbd. Now we try to
- get the group via getgrnam. */
-
- struct group *grp = getgrnam(unix_group);
- if (grp != NULL)
- *new_gid = grp->gr_gid;
- else
- return 1;
- }
}
-
- return 0;
}
/* Try winbindd */
if ( winbind_create_group( unix_group, NULL ) ) {
DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
unix_group));
- return 0;
+ ret = 0;
+ }
+
+ if (*new_gid == 0) {
+ struct group *grp = getgrnam(unix_group);
+
+ if (grp != NULL)
+ *new_gid = grp->gr_gid;
}
- return -1;
+ return ret;
}
/****************************************************************************
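Review bot: smb_create_group() can now return 0 while `*new_gid` is still 0, because the getgrnam() fallback at the end no longer fails the call when the lookup returns NULL (the removed version returned 1 there). gid 0 is the root group on Unix, so a caller that trusts the out-parameter after a successful return would act on it; the samsync caller later in this patch re-resolves the group by name, but other callers are not shown. I would keep the failure explicit, e.g. `if (grp == NULL) ret = -1; else *new_gid = grp->gr_gid;`, and add a comment on the function that 0 is the "not known" sentinel. The part of the function where the script result is assigned to `ret` is outside these hunks, so that path should be confirmed.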
DEBUG(10,("winbind_create_user: %s\n", name));
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
/* see if the caller wants a new RID returned */
if ( rid )
fstrcpy( request.data.acct_mgt.username, name );
fstrcpy( request.data.acct_mgt.groupname, "" );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
if ( rid )
DEBUG(10,("winbind_create_group: %s\n", name));
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
/* see if the caller wants a new RID returned */
if ( rid )
fstrcpy( request.data.acct_mgt.groupname, name );
- ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
user, group));
- fstrcpy( request.data.acct_mgt.username, user );
- fstrcpy( request.data.acct_mgt.groupname, group );
-
ZERO_STRUCT(response);
result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
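Review bot: In winbind_remove_user_from_group the two `fstrcpy` calls that filled `request.data.acct_mgt.username` and `request.data.acct_mgt.groupname` are removed, so after the new `ZERO_STRUCT(request)` the WINBINDD_REMOVE_USER_FROM_GROUP request goes out with both names empty. Every sibling function in this patch deletes the old `ZERO_STRUCT(response);` instead, and here that line is left behind as a duplicate, so this looks like the wrong lines were dropped. The likely effect is that a membership removal never names its target and the user keeps the group's access. Restore `fstrcpy( request.data.acct_mgt.username, user );` and `fstrcpy( request.data.acct_mgt.groupname, group );` after the DEBUG call and remove the second `ZERO_STRUCT(response);`.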
if ( !user || !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
user, group));
fstrcpy( request.data.acct_mgt.username, user );
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
if ( !user )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_delete_user: user (%s)\n", user));
fstrcpy( request.data.acct_mgt.username, user );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
return result == NSS_STATUS_SUCCESS;
if ( !group )
return False;
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
DEBUG(10,("winbind_delete_group: group (%s)\n", group));
fstrcpy( request.data.acct_mgt.groupname, group );
- ZERO_STRUCT(response);
-
result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
return result == NSS_STATUS_SUCCESS;
if (!idmap_init(lp_idmap_backend()))
return 1;
- if (!idmap_init_wellknown_sids())
- exit(1);
-
/* Unblock all signals we are interested in as they may have been
blocked by the parent process. */
struct passwd *unix_pw;
BOOL ret;
- winbind_off();
unix_pw = sys_getpwuid( uid );
- winbind_on();
if ( !unix_pw ) {
DEBUG(4,("local_uid_to_sid: host has know idea of uid %d\n", uid));
return False;
}
-
-
/* lookup the user account */
if ( !NT_STATUS_IS_OK(pdb_init_sam(&sampw)) ) {
user_name = pdb_get_username(sampw);
- winbind_off();
unix_pw = sys_getpwnam( user_name );
- winbind_on();
if ( !unix_pw ) {
DEBUG(0,("local_sid_to_uid: %s found in passdb but getpwnam() return NULL!\n",
DOM_SID user_sid;
DOM_SID group_sid;
struct passwd *passwd;
- unid_t id;
- int u_type = ID_USERID | ID_QUERY_ONLY;
fstring sid_string;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
}
}
- if (!passwd) {
- DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account)));
- /* if no unix user, changing the mapping won't help */
- } else {
- nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
- if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) {
-
- } else {
- /* set mapping */
-
- id.uid = passwd->pw_uid;
- nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
- }
+ if ( !passwd ) {
+ DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
+ pdb_get_username(sam_account)));
}
pdb_free_sam(&sam_account);
sid_to_string(sid_string, &group_sid);
if (pdb_getgrsid(&map, group_sid)) {
- grp = getgrgid(map.gid);
+ if ( map.gid != -1 )
+ grp = getgrgid(map.gid);
insert = False;
}
- if (grp == NULL)
- {
+ if (grp == NULL) {
gid_t gid;
/* No group found from mapping, find it from its name. */
if ((grp = getgrnam(name)) == NULL) {
+
/* No appropriate group found, create one */
+
d_printf("Creating unix group: '%s'\n", name);
+
if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
- if ((grp = getgrgid(gid)) == NULL)
+
+ if ((grp = getgrnam(name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
}
}
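Review bot: The new guard `if ( map.gid != -1 )` compares a gid_t against a signed literal; on a platform where gid_t is an unsigned type narrower than int the test is always true and the unmapped sentinel is still passed to getgrgid(). Writing it as `if ( map.gid != (gid_t)-1 )` keeps the check portable. Separately, `gid` is now only written by smb_create_group() and never read in the visible lines, since the group is re-resolved with getgrnam(name); a short comment saying the name lookup is authoritative here would explain why the returned gid is ignored.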
ZERO_STRUCT(ret_creds);
- if (!idmap_init(lp_idmap_backend())) {
- d_printf("Could not init idmap\n");
- return -1;
- }
-
/* Connect to remote machine */
if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
NET_FLAGS_PDC))) {
goto fail;
}
- dom_sid = *get_global_sam_sid();
+ sid_copy( &dom_sid, get_global_sam_sid() );
result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid);
if (!NT_STATUS_IS_OK(result)) {