Set our 'global sam name' in one place. For domain controllers, this is

lp_workgroup(), for all other server this is global_myname().

This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.

(They lookup the username that they got, then convert that to a SID - but
becouse the domain out of the smbpasswd entry was wrong, we would fail the
lookup).

Andrew Bartlett
(This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index bbccb86d82f2e689705a0ca69f4d266b4bf25127..c3afcbc7d99f6a5bf648508b2d09f9782f6cbcb1 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -26,11 +26,13 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
 
-/*
- * This is set on startup - it defines the SID for this
- * machine, and therefore the SAM database for which it is
- * responsible.
- */
+const char *get_global_sam_name() 
+{
+       if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
+               return lp_workgroup();
+       }
+       return global_myname();
+}
 
 /************************************************************
  Fill the SAM_ACCOUNT with default values.
@@ -182,7 +184,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
 
        pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
 
-       pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
+       pdb_set_domain (sam_account, get_global_sam_name(), PDB_DEFAULT);
 
        pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
        pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 4abc7b569cb8772cc4b0d4cfdff9ad4eb34b34b6..021b2e621e6f5455b6e66b9ee3a895dbaf5f4451 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3144,7 +3144,7 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
                ldap_state->uri = "ldap://localhost";
        }
 
-       ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, lp_workgroup());
+       ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, get_global_sam_name());
        if (!ldap_state->domain_name) {
                return NT_STATUS_NO_MEMORY;
        }

diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index cd66cf269c8eedb6f0792160bc1ab179528d35f9..cfbb37ce9197d6d193ea8a61945c670f47b3728a 100644 (file)
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1215,7 +1215,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
                        */
                        pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
                        pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
-                       pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
+                       pdb_set_domain (sam_pass, get_global_sam_name(), PDB_DEFAULT);
                        
                } else {
                        DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e7e13d7a84ee16e6a502e8b89f13255dbcf31ffa..2a24d7faa571869e56ff6aca1a13e549785aa523 100644 (file)
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -547,7 +547,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
                switch (lp_server_role()) {
                        case ROLE_DOMAIN_PDC:
                        case ROLE_DOMAIN_BDC:
-                               name = lp_workgroup();
+                               name = get_global_sam_name();
                                sid = get_global_sam_sid();
                                break;
                        case ROLE_DOMAIN_MEMBER:
@@ -573,23 +573,8 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
                        return NT_STATUS_ACCESS_DENIED;
 
                /* Request PolicyAccountDomainInformation. */
-               switch (lp_server_role()) {
-                       case ROLE_DOMAIN_PDC:
-                       case ROLE_DOMAIN_BDC:
-                               name = lp_workgroup();
-                               sid = get_global_sam_sid();
-                               break;
-                       case ROLE_DOMAIN_MEMBER:
-                               name = global_myname();
-                               sid = get_global_sam_sid();
-                               break;
-                       case ROLE_STANDALONE:
-                               name = global_myname();
-                               sid = get_global_sam_sid();
-                               break;
-                       default:
-                               return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-               }
+               name = get_global_sam_name();
+               sid = get_global_sam_sid();
                init_dom_query(&r_u->dom.id5, name, sid);
                break;
        case 0x06:
@@ -1240,7 +1225,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
                switch (lp_server_role()) {
                        case ROLE_DOMAIN_PDC:
                        case ROLE_DOMAIN_BDC:
-                               nb_name = lp_workgroup();
+                               nb_name = get_global_sam_name();
                                /* ugly temp hack for these next two */
 
                                /* This should be a 'netbios domain -> DNS domain' mapping */

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 62d5f8ab0c48493bace04763a491ec3cbe8bc2f5..970756d47c83138c7447b53c0d03abbb32901de4 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2575,14 +2575,7 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN
                return r_u->status;
        }
 
-       switch (lp_server_role()) {
-       case ROLE_DOMAIN_PDC:
-       case ROLE_DOMAIN_BDC:
-               name = lp_workgroup();
-               break;
-       default:
-               name = global_myname();
-       }
+       name = get_global_sam_name();
 
        fstrcpy(dom[0],name);
        strupper(dom[0]);