Now that Volker fixed the real issues with ldapsam and adding null attributes
authorAndrew Bartlett <abartlet@samba.org>
Wed, 23 Apr 2003 01:04:20 +0000 (01:04 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 23 Apr 2003 01:04:20 +0000 (01:04 +0000)
etc, move the SAMR create_user code back to using the 'pdb_init_sam_pw' method
to fill out the attributes.

This is basically the same code, but we really didn't need the duplication.

Also, take advantage of the fact that RIDs will always be returned back into
the SAM_ACCOUNT on ADD, so we don't need to duplicate the 'get'.

This should also help in sites with replicated LDAP - the second fetch might
occur before the first is replicated back.

Andrew Bartlett
(This used to be commit 39714c24fd9da4701d4fe69ddd3d61a25254409f)

source3/rpc_server/srv_samr_nt.c

index 794fea56df612f87600cd050503c587b146e0f2e..7b2cd78dc63a61e630ec6f2f1de0131ededb40ee 100644 (file)
@@ -2205,6 +2205,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
        uint32 acc_granted;
        SEC_DESC *psd;
        size_t    sd_size;
+       /* check this, when giving away 'add computer to domain' privs */
        uint32    des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
 
        /* Get the domain SID stored in the domain policy */
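Review bot: The comment added above `des_access` does not say what has to be checked or why, so the reminder is easy to lose. The initializer fixes the mask at GENERIC_RIGHTS_USER_ALL_ACCESS; how it is consumed lies outside this hunk, but if it feeds the access check or the rights granted on the new account's handle, it decides what a delegated 'add computer to domain' principal may do with the object it creates. I would spell that out, e.g. `/* TODO(security): des_access is fixed at GENERIC_RIGHTS_USER_ALL_ACCESS; re-evaluate the required mask before delegating 'add computer to domain' rights */`.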
@@ -2290,50 +2291,26 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
                DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
        }
        
-       if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) {
-               return nt_status;
-       }
-               
        pw = getpwnam_alloc(account);
 
        if (pw) {
-               DOM_SID user_sid;
-               DOM_SID group_sid;
-               if (!uid_to_sid(&user_sid, pw->pw_uid)) {
-                       passwd_free(&pw); /* done with this now */
-                       pdb_free_sam(&sam_pass);
-                       DEBUG(1, ("_api_samr_create_user: uid_to_sid failed, cannot add user.\n"));
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-
-               if (!pdb_set_user_sid(sam_pass, &user_sid, PDB_CHANGED)) {
-                       passwd_free(&pw); /* done with this now */
-                       pdb_free_sam(&sam_pass);
-                       return NT_STATUS_NO_MEMORY;
-               }
-
-               if (!gid_to_sid(&group_sid, pw->pw_gid)) {
-                       passwd_free(&pw); /* done with this now */
-                       pdb_free_sam(&sam_pass);
-                       DEBUG(1, ("_api_samr_create_user: gid_to_sid failed, cannot add user.\n"));
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-
-               if (!pdb_set_group_sid(sam_pass, &group_sid, PDB_CHANGED)) {
-                       passwd_free(&pw); /* done with this now */
+               nt_status = pdb_init_sam_pw(&sam_pass, pw);
+               passwd_free(&pw); /* done with this now */
+               if (!NT_STATUS_IS_OK(nt_status)) {
                        pdb_free_sam(&sam_pass);
-                       return NT_STATUS_NO_MEMORY;
+                       return nt_status;
                }
-
-               passwd_free(&pw); /* done with this now */
        } else {
                DEBUG(3,("attempting to create non-unix account %s\n", account));
                
+               if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) {
+                       return nt_status;
                }
                
                if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
                        pdb_free_sam(&sam_pass);
                        return NT_STATUS_NO_MEMORY;
+               }
        }
 
        pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
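Review bot: The two initialisation branches clean up differently on failure: after `pdb_init_sam_pw()` fails the code calls `pdb_free_sam(&sam_pass)`, while after `pdb_init_sam()` fails in the else branch it returns without freeing. Which is right depends on whether the init helpers leave `*sam_pass` allocated, freed or untouched on error, and on whether `sam_pass` starts out NULL; its declaration is outside the hunk. If the helper already releases the account, or never set the pointer, the extra free acts on a stale or indeterminate pointer, so I would either drop it or make the contract explicit, e.g. initialise `SAM_ACCOUNT *sam_pass = NULL;` and add `/* pdb_init_sam_pw() leaves sam_pass NULL on failure */` once that is confirmed. The old uid_to_sid/gid_to_sid `DEBUG(1, ...)` messages are also gone, so a line such as `DEBUG(1, ("_api_samr_create_user: pdb_init_sam_pw failed for %s: %s\n", account, nt_errstr(nt_status)));` would keep rejected account creations visible in the logs. The function continues beyond both ends of the hunk.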
@@ -2344,15 +2321,6 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
                          account));
                return NT_STATUS_ACCESS_DENIED;         
        }
-
-       pdb_reset_sam(sam_pass);
-       
-       if (!pdb_getsampwnam(sam_pass, account)) {
-               pdb_free_sam(&sam_pass);
-               DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", 
-                         account));
-               return NT_STATUS_ACCESS_DENIED;         
-       }
        
        /* Get the user's SID */
        sid_copy(&sid, pdb_get_user_sid(sam_pass));