r23407: While verifying a bug I found out that for some reason

the code to add a machine was different then the one used
to add a user, the old code led to the machine SID not being
built out correctly allocationg a new RID out of the passdb
but instead by using the old algorithmic method.
This may easily end up in creating duplicated SID when the
RID counter get close to the values built by the algorithmic method.

Simo.
(This used to be commit e077142aa39ad927a16e0d04874857bbc171ce07)

diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index a598828d927602c6a2048a6e455eaf525d2f01c8..5dff7e5a93fba649efa8adc26ace1136588f4d3c 100644 (file)
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -624,28 +624,25 @@ static int new_machine (struct pdb_methods *in, const char *machine_in)
        fstrcpy(machineaccount, machinename);
        fstrcat(machineaccount, "$");
 
-       if ((pwd = getpwnam_alloc(NULL, machineaccount))) {
-
-               if ( (sam_pwent = samu_new( NULL )) == NULL ) {
-                       fprintf(stderr, "Memory allocation error!\n");
-                       TALLOC_FREE(pwd);
-                       return -1;
-               }
+       if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) {
+               DEBUG(0,("Cannot locate Unix account for %s\n", machineaccount));
+               return -1;
+       }
 
-               if ( !NT_STATUS_IS_OK(samu_set_unix(sam_pwent, pwd )) ) {
-                       fprintf(stderr, "Could not init sam from pw\n");
-                       TALLOC_FREE(pwd);
-                       return -1;
-               }
+       if ( (sam_pwent = samu_new( NULL )) == NULL ) {
+               fprintf(stderr, "Memory allocation error!\n");
+               TALLOC_FREE(pwd);
+               return -1;
+       }
 
+       if ( !NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd )) ) {
+               fprintf(stderr, "Could not init sam from pw\n");
                TALLOC_FREE(pwd);
-       } else {
-               if ( (sam_pwent = samu_new( NULL )) == NULL ) {
-                       fprintf(stderr, "Could not init sam from pw\n");
-                       return -1;
-               }
+               return -1;
        }
 
+       TALLOC_FREE(pwd);
+
        pdb_set_plaintext_passwd (sam_pwent, machinename);
        pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED);      
        pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);