TALLOC_CTX *mem_ctx,
const char *account_name,
uint32_t acct_flags,
+ const struct dom_sid *forced_sid,
struct dom_sid **sid,
struct ldb_dn **dn)
{
DEBUG(0,("Failed to start a transaction for user creation: %s\n",
ldb_errstring(ldb)));
talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return NT_STATUS_LOCK_NOT_GRANTED;
}
/* check if the user already exists */
ldb_msg_add_string(msg, "sAMAccountName", account_name);
ldb_msg_add_string(msg, "objectClass", obj_class);
+ /* This is only here for migrations using pdb_samba4, the
+ * caller and the samldb are responsible for ensuring it makes
+ * sense */
+ if (forced_sid) {
+ ret = samdb_msg_add_dom_sid(ldb, msg, msg, "objectSID", forced_sid);
+ if (ret != LDB_SUCCESS) {
+ ldb_transaction_cancel(ldb);
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
/* create the user */
ret = ldb_add(ldb, msg);
switch (ret) {
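Review bot: The `forced_sid` branch writes a caller-supplied SID into the new record with no validation in this function, and the only statement of who may pass it is the inline comment above the `if`. Since the SID fixes the identity of the new account, the contract belongs in the function's header comment, for example `/* forced_sid: NULL for normal creation; non-NULL only on trusted migration paths (pdb_samba4). The value is not validated here. */`. Whether samldb rejects a SID outside the domain or one already in use is not visible from this hunk and is worth confirming before relying on it. As a style point, the attribute is spelled `"objectSID"` here but `"objectSid"` in the alias function's lookup; using one spelling keeps searches of the source consistent. The function begins and ends outside this hunk.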
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
*dn = talloc_steal(mem_ctx, account_dn);
- *sid = talloc_steal(mem_ctx, account_sid);
+ if (sid) {
+ *sid = talloc_steal(mem_ctx, account_sid);
+ }
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+ if (ldb_transaction_start(ldb) != LDB_SUCCESS) {
+ DEBUG(0, ("Failed to start transaction in dsdb_add_domain_alias(): %s\n", ldb_errstring(ldb)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
/* Check if alias already exists */
name = samdb_search_string(ldb, tmp_ctx, NULL,
"sAMAccountName",
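Review bot: The new early return on `ldb_transaction_start()` failure leaves `tmp_ctx` allocated, while every other return visible in this function frees it first; add `talloc_free(tmp_ctx);` before `return NT_STATUS_INTERNAL_ERROR;`. The commit-failure return added near the end of the function has the same omission. Because `tmp_ctx` is parented to `mem_ctx`, the memory is reclaimed when the caller frees `mem_ctx`, but on a long-lived context it persists until then. The function body continues outside this hunk.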
if (name != NULL) {
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_ALIAS_EXISTS;
}
msg = ldb_msg_new(tmp_ctx);
if (msg == NULL) {
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_NO_MEMORY;
}
ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=Users", alias_name);
if (!msg->dn) {
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_NO_MEMORY;
}
break;
case LDB_ERR_ENTRY_ALREADY_EXISTS:
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_ALIAS_EXISTS;
case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS:
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_ACCESS_DENIED;
default:
DEBUG(0,("Failed to create alias record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
talloc_free(tmp_ctx);
+ ldb_transaction_cancel(ldb);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
alias_sid = samdb_search_dom_sid(ldb, tmp_ctx,
msg->dn, "objectSid", NULL);
+ if (ldb_transaction_commit(ldb) != LDB_SUCCESS) {
+ DEBUG(0, ("Failed to commit transaction in dsdb_add_domain_alias(): %s\n",
+ ldb_errstring(ldb)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
*dn = talloc_steal(mem_ctx, msg->dn);
*sid = talloc_steal(mem_ctx, alias_sid);
talloc_free(tmp_ctx);
+
return NT_STATUS_OK;
}
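Review bot: `alias_sid` is not checked between the `samdb_search_dom_sid()` call and the commit, so if that lookup fails (presumably returning NULL) the alias is still committed and the function returns NT_STATUS_OK with `*sid` set to NULL. A guard before the commit would keep the database and the returned values consistent: `if (alias_sid == NULL) { ldb_transaction_cancel(ldb); talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_ERROR; }` (the exact status code is the author's call). The user-creation function in this commit now tolerates a NULL `sid` out-parameter with `if (sid)`, while this function still dereferences `sid` unconditionally; if callers are meant to treat the two alike, the same guard is needed here.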