down failures.
Add an 'auto-add on modify' feature to guestsam
Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.
Make the 'private data' a bit more robust.
Andrew Bartlett
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
+ NTSTATUS nt_status;
SAM_ACCOUNT *account = NULL;
if (!NT_STATUS_IS_OK(nt_status =
auth_get_sam_account(user_info->internal_username.str,
&account))) {
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
+ nt_status = NT_STATUS_NOT_IMPLEMENTED;
return nt_status;
}
nt_status = make_server_info_sam(server_info, account);
} else {
pdb_free_sam(&account);
+ nt_status = NT_STATUS_NOT_IMPLEMENTED;
}
return nt_status;
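Review bot: The new translation of `NT_STATUS_NO_SUCH_USER` into `NT_STATUS_NOT_IMPLEMENTED` after `auth_get_sam_account()` has no comment, and the status name does not convey what it means for an authentication decision. Assuming the auth chain reads NT_STATUS_NOT_IMPLEMENTED as "this module has no opinion, try the next one", an unknown user falls through while every other passdb error is returned and fails this attempt; a comment such as `/* unknown user: defer to the next auth method; other passdb errors are returned unchanged */` would record that. The same applies to the identical lines in the second function and to both `else` branches that set the status after `pdb_free_sam(&account)`. With the initialiser gone every path has to assign `nt_status`, so the unbraced two-line `if` is better written with braces. Both functions start outside the visible lines.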
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
+ NTSTATUS nt_status;
SAM_ACCOUNT *account = NULL;
pstring rhostsfile;
const char *home;
if (!NT_STATUS_IS_OK(nt_status =
auth_get_sam_account(user_info->internal_username.str,
&account))) {
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
+ nt_status = NT_STATUS_NOT_IMPLEMENTED;
return nt_status;
}
unbecome_root();
} else {
pdb_free_sam(&account);
+ nt_status = NT_STATUS_NOT_IMPLEMENTED;
}
return nt_status;
uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
+ /* a tag for who added the private methods */
+ const struct pdb_methods *backend_private_methods;
void *backend_private_data;
void (*backend_private_data_free_fn)(void **);
} private;
void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
{
- if (sampass && my_methods == sampass->methods)
+ if (sampass && my_methods == sampass->private.backend_private_methods)
return sampass->private.backend_private_data;
else
return NULL;
return False;
/* does this backend 'own' this SAM_ACCOUNT? */
- if (my_methods != sampass->methods)
+ if (my_methods != sampass->private.backend_private_methods)
return False;
if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) {
sampass->private.backend_private_data = private_data;
sampass->private.backend_private_data_free_fn = free_fn;
+ sampass->private.backend_private_methods = my_methods;
return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
}
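Review bot: The ownership test `if (my_methods != sampass->private.backend_private_methods) return False;` runs before the only visible assignment of `backend_private_methods`, which is the added line at the end of this function. Unless the field is set somewhere outside these lines, a SAM_ACCOUNT that no backend has tagged yet holds NULL there, the test fails for every caller, and private data is never attached. The ldapsam caller shown further down ignores the BOOL result, so the search result it passes in would be neither attached nor freed. I would let an untagged account be claimed, `if (sampass->private.backend_private_methods && my_methods != sampass->private.backend_private_methods) return False;`, and check the return value at the call sites. Part of this function lies outside the hunk.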
}
+/***************************************************************************
+ Updates a SAM_ACCOUNT
+
+ This isn't a particulary practical option for pdb_guest. We certainly don't
+ want to twidde the filesystem, so what should we do?
+
+ Current plan is to transparently add the account. It should appear
+ as if the pdb_unix version was modified, but its actually stored somehwere.
+ ****************************************************************************/
+
+static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
+{
+ return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
+}
+
NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
(*pdb_method)->getsampwnam = guestsam_getsampwnam;
(*pdb_method)->getsampwsid = guestsam_getsampwsid;
+ (*pdb_method)->update_sam_account = guestsam_update_sam_account;
/* we should do no group mapping here */
(*pdb_method)->getgrsid = pdb_nop_getgrsid;
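Review bot: `guestsam_update_sam_account()` turns every update into `methods->parent->pdb_add_sam_account(...)` without checking `methods->parent` and without logging that a persistent account is being created in another backend. Since this silently converts a modify into an account creation, I would make it traceable with `DEBUG(5, ("guestsam_update_sam_account: adding %s via the parent context\n", pdb_get_username(newpwd)));` before the call, and return an error status when `methods->parent` is NULL. The header comment should also say what happens when the account already exists in the target backend, and its typos ("particulary", "twidde", "somehwere", "its") are worth fixing while it is new.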
{
int rc = -1;
char ** attr_list;
+ uint32 rid;
+
switch ( ldap_state->schema_ver )
{
case SCHEMAVER_SAMBASAMACCOUNT:
break;
case SCHEMAVER_SAMBAACCOUNT:
- {
- uint32 rid;
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
return rc;
}
if ( rc != LDAP_SUCCESS )
return rc;
- }
- break;
+ break;
}
return rc;
}
} else {
ldap_msgfree(result);
}
- return ret;
+ return NT_STATUS_NO_SUCH_USER;
}
/********************************************************************
attr_list = get_userattr_list(ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
free_attr_list( attr_list );
- if (rc != LDAP_SUCCESS)
+ if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
+ }
pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);
}
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ DEBUG(4, ("user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));
+
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
}
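Review bot: The added `DEBUG(4, ...)` passes `dn` to `%s` straight after `ldap_get_dn()`, before anything visible checks it. `ldap_first_entry()` returns NULL when the result holds no entry and `ldap_get_dn()` can return NULL on error, so this log line and any later use of `dn` may receive a NULL pointer. Unless a check exists outside the hunk, I would add `if (dn == NULL) { DEBUG(0, ("ldapsam_update_sam_account: no DN for user %s\n", pdb_get_username(newpwd))); return NT_STATUS_UNSUCCESSFUL; }` ahead of the new debug statement. The function starts and ends outside the visible lines.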
}
- /* does the entry already exist but without a samba rttibutes?
+ /* does the entry already exist but without a samba attributes?
we need to return the samba attributes here */
escape_user = escape_ldap_string_alloc( username );
int rc = -1;
int ldap_op;
fstring sid_string;
- char **values;
+ char **values = NULL;
int i;
sid_to_string( sid_string, sid );
snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid));
- values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
+ if (entry)
+ values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
+
if (values) {
BOOL found_idmap = False;
for (i=0; values[i]; i++) {
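Review bot: The `if (entry)` guard added in front of `ldap_get_values()` has no comment saying when `entry` is legitimately NULL. Going by the commit message this is the new-mapping case with no existing LDAP entry, and a line such as `/* entry is NULL for a new mapping: there is no objectClass to inspect */` would make clear that `values == NULL` is an expected state. The rest of the function is outside the hunk, so please confirm that no later statement dereferences `entry` or derives a DN from it without the same check, and that `values` is released with `ldap_value_free()` on every path.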
struct passwd *passwd;
unid_t id;
int u_type = ID_USERID | ID_QUERY_ONLY;
+ fstring sid_string;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
d_printf("Creating account: %s\n", account);
sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, delta->user_rid);
+ DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account));
if (!pdb_getsampwsid(sam_account, &user_sid)) {
sam_account_from_delta(sam_account, delta);
+ DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
+ sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
if (!pdb_add_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
account));
}
} else {
sam_account_from_delta(sam_account, delta);
+ DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
+ sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
if (!pdb_update_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
account));