Author: jerry Date: 2005-04-21 17:13:50 +0000 (Thu, 21 Apr 2005) New Revision: 6421
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6421 Log: use add machine script when creating a user (ACB_NORMAL) who has a name ending in '$' (usrmgr.exe does this for domain trusts (that's was jfm's original comment I think). avoid an assert() call in libldap. Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c =================================================================== --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-04-21 12:22:48 UTC (rev 6420) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-04-21 17:13:50 UTC (rev 6421) @@ -3423,7 +3423,8 @@ state->connection->paged_results = False; } - state->current_entry = ldap_first_entry(ld, state->entries); + if ( ld ) + state->current_entry = ldap_first_entry(ld, state->entries); if (state->current_entry == NULL) { ldap_msgfree(state->entries); Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-04-21 12:22:48 UTC (rev 6420) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-04-21 17:13:50 UTC (rev 6421) @@ -1985,13 +1985,15 @@ se_priv_copy( &se_rights, &se_machine_account ); can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); } - else if ( acb_info & ACB_NORMAL ) + /* usrmgr.exe (and net rpc trustdom grant) creates a normal user + account for domain trusts and changes the ACB flags later */ + else if ( acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$') ) { pstrcpy(add_script, lp_adduser_script()); se_priv_copy( &se_rights, &se_add_users ); can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); } - else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) + else /* implicit assumption of a BDC or domain trust account here (we already check the flags earlier) */ { pstrcpy(add_script, lp_addmachine_script()); if ( lp_enable_privileges() ) {