PDB_UNKNOWN6,
PDB_LMPASSWD,
PDB_NTPASSWD,
+ PDB_BACKEND_PRIVATE_DATA,
/* this must be the last element */
PDB_COUNT
uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
+ void *backend_private_data;
+ void (*backend_private_data_free_fn)(void **);
} private;
/* Lets see if the remaining code can get the hint that you
{ LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" },
{ LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_ALGORITHMIC_RID_BASE,"sambaAlgorithmicRidBase"},
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
{ LDAP_ATTR_LIST_END, NULL },
};
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
{ LDAP_ATTR_CN, "cn" },
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
{ LDAP_ATTR_LIST_END, NULL }
};
ATTRIB_MAP_ENTRY idpool_attr_list[] = {
{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
{ LDAP_ATTR_LIST_END, NULL }
};
{ LDAP_ATTR_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
{ LDAP_ATTR_LIST_END, NULL }
};
data_blob_clear_free(&(user->private.nt_pw));
if (user->private.plaintext_pw!=NULL)
memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
+
+ if (user->private.backend_private_data && user->private.backend_private_data_free_fn) {
+ user->private.backend_private_data_free_fn(&user->private.backend_private_data);
+ }
}
return (-1);
}
+void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
+{
+ if (sampass && my_methods == sampass->methods)
+ return sampass->private.backend_private_data;
+ else
+ return NULL;
+}
+
/*********************************************************************
Collection of set...() functions for SAM_ACCOUNT.
********************************************************************/
return pdb_set_init_flags(sampass, PDB_HOURS, flag);
}
+BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
+ void (*free_fn)(void **),
+ const struct pdb_methods *my_methods,
+ enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ /* does this backend 'own' this SAM_ACCOUNT? */
+ if (my_methods != sampass->methods)
+ return False;
+
+ if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) {
+ sampass->private.backend_private_data_free_fn(&sampass->private.backend_private_data);
+ }
+
+ sampass->private.backend_private_data = private_data;
+ sampass->private.backend_private_data_free_fn = free_fn;
+
+ return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
+}
+
/* Helpful interfaces to the above */
};
+/**********************************************************************
+ Free a LDAPMessage (one is stored on the SAM_ACCOUNT)
+ **********************************************************************/
+
+static void private_data_free_fn(void **result)
+{
+ ldap_memfree(*result);
+ *result = NULL;
+}
+
/**********************************************************************
get the attribute name given a user schame version
**********************************************************************/
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
- ldap_msgfree(result);
+ pdb_set_backend_private_data(user, result,
+ private_data_free_fn,
+ my_methods, PDB_CHANGED);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
+ pdb_set_backend_private_data(user, result,
+ private_data_free_fn,
+ my_methods, PDB_CHANGED);
ret = NT_STATUS_OK;
+ } else {
+ ldap_msgfree(result);
}
- ldap_msgfree(result);
return ret;
}
LDAPMod **mods;
char **attr_list;
- attr_list = get_userattr_list(ldap_state->schema_ver);
- rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
- free_attr_list( attr_list );
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
+ result = pdb_get_backend_private_data(newpwd, my_methods);
+ if (!result) {
+ attr_list = get_userattr_list(ldap_state->schema_ver);
+ rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
+ free_attr_list( attr_list );
+ if (rc != LDAP_SUCCESS)
+ return NT_STATUS_UNSUCCESSFUL;
+ pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);
+ }
if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
- ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
- ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_msgfree(result);
-
if (mods == NULL) {
DEBUG(4,("mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
SAFE_FREE(map);
}
+ /* Fill in the SID for the administrator account. */
+ id.uid = 0;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_USER_RID_ADMIN);
+
+ if (!NT_STATUS_IS_OK(wellknown_id_init(&sid, id, ID_USERID))) {
+ DEBUG(0, ("Failed to setup UID mapping for ADMINISTRATOR (%s) to (%u)\n",
+ sid_to_string(sid_string, &sid), (unsigned int)id.uid));
+ return False;
+ }
+
return True;
}
SAM_ACCOUNT *sam_account=NULL;
GROUP_MAP map;
struct group *grp;
- DOM_SID sid;
+ DOM_SID user_sid;
+ DOM_SID group_sid;
struct passwd *passwd;
unid_t id;
- int u_type;
+ int u_type = ID_USERID | ID_QUERY_ONLY;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
d_printf("Creating account: %s\n", account);
passwd = Get_Pwnam(account);
}
}
+
+ sid_copy(&user_sid, get_global_sam_sid());
+ sid_append_rid(&user_sid, delta->user_rid);
- sam_account_from_delta(sam_account, delta);
- if (!pdb_add_sam_account(sam_account)) {
- DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
- account));
+ if (!pdb_getsampwsid(sam_account, &user_sid)) {
+ sam_account_from_delta(sam_account, delta);
+ if (!pdb_add_sam_account(sam_account)) {
+ DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
+ account));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else {
+ sam_account_from_delta(sam_account, delta);
if (!pdb_update_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
account));
pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
-/* return NT_STATUS_ACCESS_DENIED; */
+ return NT_STATUS_ACCESS_DENIED;
}
}
- sid = *pdb_get_group_sid(sam_account);
+ group_sid = *pdb_get_group_sid(sam_account);
- if (!pdb_getgrsid(&map, sid)) {
+ if (!pdb_getgrsid(&map, group_sid)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_GROUP;
- }
-
+ } else {
+ if (map.gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map.gid))) {
+ DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
+ map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid)));
+ } else {
+ smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
+ }
+ }
+ }
+
if (!passwd) {
+ DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account)));
/* if no unix user, changing the mapping won't help */
- pdb_free_sam(&sam_account);
- return NT_STATUS_OK;
- }
-
- if (map.gid != passwd->pw_gid) {
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n",
- map.gid, pdb_get_username(sam_account), sid_string_static(&sid)));
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_SUCH_GROUP;
+ } else {
+ nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
+ if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) {
+
+ } else {
+ /* set mapping */
+
+ id.uid = passwd->pw_uid;
+ nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
}
-
- smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
- }
-
- nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account));
- if (!NT_STATUS_IS_OK(nt_ret)) {
- pdb_free_sam(&sam_account);
- return nt_ret;
- }
-
- if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) {
- id.uid = passwd->pw_uid;
- nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID);
}
pdb_free_sam(&sam_account);
ZERO_STRUCT(ret_creds);
+ if (!idmap_init(lp_idmap_backend())) {
+ d_printf("Could not init idmap\n");
+ return -1;
+ }
+
/* Connect to remote machine */
if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
NET_FLAGS_PDC))) {