Author: abartlet
Date: 2007-07-30 10:30:34 +0000 (Mon, 30 Jul 2007)
New Revision: 24080

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24080

Log:
Set the primary group (matching windows) when creating new users in
SAMR.  This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.

As noted in bug #4829.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/librpc/idl/security.idl
   branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
   branches/SAMBA_4_0/source/torture/rpc/samr.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/security.idl
===================================================================
--- branches/SAMBA_4_0/source/librpc/idl/security.idl   2007-07-30 10:30:19 UTC 
(rev 24079)
+++ branches/SAMBA_4_0/source/librpc/idl/security.idl   2007-07-30 10:30:34 UTC 
(rev 24080)
@@ -170,6 +170,7 @@
        const int DOMAIN_RID_GUEST                 = 501;
        const int DOMAIN_RID_ADMINS                = 512;
        const int DOMAIN_RID_USERS                 = 513;
+       const int DOMAIN_RID_DOMAIN_MEMBERS        = 515;
        const int DOMAIN_RID_DCS                   = 516;
        const int DOMAIN_RID_CERT_ADMINS           = 517;
        const int DOMAIN_RID_SCHEMA_ADMINS         = 518;

Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c     2007-07-30 
10:30:19 UTC (rev 24079)
+++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c     2007-07-30 
10:30:34 UTC (rev 24080)
@@ -1269,6 +1269,7 @@
                cn_name[cn_name_len - 1] = '\0';
                container = "CN=Computers";
                obj_class = "computer";
+               samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, 
"primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS);
 
        } else if (r->in.acct_flags == ACB_SVRTRUST) {
                if (cn_name[cn_name_len - 1] != '$') {
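Review bot: The return value of `samdb_msg_add_int` is discarded in the ACB_WSTRUST branch, and again at the matching call in the ACB_SVRTRUST hunk that follows. If the add fails, the account would presumably still be created, but without the intended primaryGroupID. The primary group decides whether a machine account lands in the domain-members or the domain-controllers group, so a silent failure here is an access-control difference rather than a cosmetic one. I would test the result, e.g. `if (samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS) != 0)`, and fail the request through the function's existing error path. That path is outside this hunk, so any cleanup it needs has to be confirmed there.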
@@ -1277,6 +1278,7 @@
                cn_name[cn_name_len - 1] = '\0';
                container = "OU=Domain Controllers";
                obj_class = "computer";
+               samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, 
"primaryGroupID", DOMAIN_RID_DCS);
 
        } else if (r->in.acct_flags == ACB_DOMTRUST) {
                container = "CN=Users";

Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samr.c        2007-07-30 10:30:19 UTC 
(rev 24079)
+++ branches/SAMBA_4_0/source/torture/rpc/samr.c        2007-07-30 10:30:34 UTC 
(rev 24080)
@@ -2513,7 +2513,7 @@
                
                if (NT_STATUS_IS_OK(status)) {
                        q.in.user_handle = &user_handle;
-                       q.in.level = 16;
+                       q.in.level = 5;
                        
                        status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
                        if (!NT_STATUS_IS_OK(status)) {
@@ -2521,11 +2521,34 @@
                                       q.in.level, nt_errstr(status));
                                ret = False;
                        } else {
-                               if ((q.out.info->info16.acct_flags & 
acct_flags) != acct_flags) {
-                                       printf("QuerUserInfo level 16 failed, 
it returned 0x%08x when we expected flags of 0x%08x\n",
-                                              q.out.info->info16.acct_flags, 
+                               if ((q.out.info->info5.acct_flags & acct_flags) 
!= acct_flags) {
+                                       printf("QuerUserInfo level 5 failed, it 
returned 0x%08x when we expected flags of 0x%08x\n",
+                                              q.out.info->info5.acct_flags, 
                                               acct_flags);
                                        ret = False;
+                               } 
+                               switch (acct_flags) {
+                               case ACB_SVRTRUST:
+                                       if (q.out.info->info5.primary_gid != 
DOMAIN_RID_DCS) {
+                                               printf("QuerUserInfo level 5: 
DC should have had Primary Group %d, got %d\n", 
+                                                      DOMAIN_RID_DCS, 
q.out.info->info5.primary_gid);
+                                               ret = False;
+                                       }
+                                       break;
+                               case ACB_WSTRUST:
+                                       if (q.out.info->info5.primary_gid != 
DOMAIN_RID_DOMAIN_MEMBERS) {
+                                               printf("QuerUserInfo level 5: 
Domain Member should have had Primary Group %d, got %d\n", 
+                                                      
DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid);
+                                               ret = False;
+                                       }
+                                       break;
+                               case ACB_NORMAL:
+                                       if (q.out.info->info5.primary_gid != 
DOMAIN_RID_USERS) {
+                                               printf("QuerUserInfo level 5: 
Users should have had Primary Group %d, got %d\n", 
+                                                      DOMAIN_RID_USERS, 
q.out.info->info5.primary_gid);
+                                               ret = False;
+                                       }
+                                       break;
                                }
                        }
                
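Review bot: The new `switch (acct_flags)` has no `default`, so any account type other than ACB_SVRTRUST, ACB_WSTRUST and ACB_NORMAL passes with no primary-group assertion at all. If the enclosing test also creates ACB_DOMTRUST accounts (not visible in this hunk), say so explicitly with `default: /* no primary group expectation for this account type */ break;`. The messages print `q.out.info->info5.primary_gid` with `%d`; if that field is an unsigned 32-bit RID, as it appears to be, `%u` is the matching specifier. Together with the preceding hunk, this also replaces the level 16 acct_flags check rather than adding to it, so level 16 is no longer exercised here.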
