svn commit: samba r6421 - in branches/SAMBA_3_0/source: passdb rpc_server

Thu, 21 Apr 2005 10:14:16 -0700 

Author: jerry
Date: 2005-04-21 17:13:50 +0000 (Thu, 21 Apr 2005)
New Revision: 6421

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6421

Log:
use add machine script when creating a user (ACB_NORMAL)
who has a name ending in '$' (usrmgr.exe does this for
domain trusts (that's was jfm's original comment I think).

avoid an assert() call in libldap.


Modified:
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-04-21 12:22:48 UTC (rev 
6420)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-04-21 17:13:50 UTC (rev 
6421)
@@ -3423,7 +3423,8 @@
                state->connection->paged_results = False;
        }
 
-       state->current_entry = ldap_first_entry(ld, state->entries);
+       if ( ld )
+               state->current_entry = ldap_first_entry(ld, state->entries);
 
        if (state->current_entry == NULL) {
                ldap_msgfree(state->entries);

Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c  2005-04-21 12:22:48 UTC 
(rev 6420)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c  2005-04-21 17:13:50 UTC 
(rev 6421)
@@ -1985,13 +1985,15 @@
                se_priv_copy( &se_rights, &se_machine_account );
                can_add_account = user_has_privileges( 
p->pipe_user.nt_user_token, &se_rights );
        } 
-       else if ( acb_info & ACB_NORMAL )
+       /* usrmgr.exe (and net rpc trustdom grant) creates a normal user 
+          account for domain trusts and changes the ACB flags later */
+       else if ( acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$') )
        {
                pstrcpy(add_script, lp_adduser_script());
                se_priv_copy( &se_rights, &se_add_users );
                can_add_account = user_has_privileges( 
p->pipe_user.nt_user_token, &se_rights );
        } 
-       else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) 
+       else    /* implicit assumption of a BDC or domain trust account here 
(we already check the flags earlier) */
        {
                pstrcpy(add_script, lp_addmachine_script());
                if ( lp_enable_privileges() ) {

Reply via email to