From 5c1cfe267ce10180e2c42105a1d84f84e7512c8d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 26 Mar 2014 01:25:34 +0100 Subject: [PATCH] s4:dsdb/util_samr: simplify dsdb_add_user() We can specify userAccountControl on the ldb_add() call. Change-Id: Ic990a74eaf9b38ddc1db3183a964972c786dbfdf Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/dsdb/common/util_samr.c | 50 +++++++---------------------------------- 1 file changed, 8 insertions(+), 42 deletions(-) diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c index 184dfd5f46d..bb906fa0488 100644 --- a/source4/dsdb/common/util_samr.c +++ b/source4/dsdb/common/util_samr.c @@ -109,7 +109,7 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, if (acct_flags == ACB_NORMAL) { container = "CN=Users"; obj_class = "user"; - + user_account_control = UF_NORMAL_ACCOUNT; } else if (acct_flags == ACB_WSTRUST) { if (cn_name[cn_name_len - 1] != '$') { ldb_transaction_cancel(ldb); @@ -118,6 +118,7 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, cn_name[cn_name_len - 1] = '\0'; container = "CN=Computers"; obj_class = "computer"; + user_account_control = UF_WORKSTATION_TRUST_ACCOUNT; } else if (acct_flags == ACB_SVRTRUST) { if (cn_name[cn_name_len - 1] != '$') { @@ -127,6 +128,7 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, cn_name[cn_name_len - 1] = '\0'; container = "OU=Domain Controllers"; obj_class = "computer"; + user_account_control = UF_SERVER_TRUST_ACCOUNT; } else if (acct_flags == ACB_DOMTRUST) { DEBUG(3, ("Invalid account flags specified: cannot create domain trusts via this interface (must use LSA CreateTrustedDomain calls\n")); ldb_transaction_cancel(ldb); @@ -142,6 +144,8 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, return NT_STATUS_INVALID_PARAMETER; } + user_account_control |= UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD; + /* add core elements to the ldb_message for the user */ msg->dn = ldb_dn_copy(msg, ldb_get_default_basedn(ldb)); if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s,%s", cn_name, container)) { @@ -152,6 +156,9 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, ldb_msg_add_string(msg, "sAMAccountName", account_name); ldb_msg_add_string(msg, "objectClass", obj_class); + samdb_msg_add_uint(ldb, tmp_ctx, msg, + "userAccountControl", + user_account_control); /* This is only here for migrations using pdb_samba4, the * caller and the samldb are responsible for ensuring it makes @@ -216,47 +223,6 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb, return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* Change the account control to be the correct account type. - * The default is for a workstation account */ - user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); - user_account_control = (user_account_control & - ~(UF_NORMAL_ACCOUNT | - UF_INTERDOMAIN_TRUST_ACCOUNT | - UF_WORKSTATION_TRUST_ACCOUNT | - UF_SERVER_TRUST_ACCOUNT)); - user_account_control |= ds_acb2uf(acct_flags); - - talloc_free(msg); - msg = ldb_msg_new(tmp_ctx); - if (msg == NULL) { - ldb_transaction_cancel(ldb); - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - msg->dn = account_dn; - - if (samdb_msg_add_uint(ldb, tmp_ctx, msg, - "userAccountControl", - user_account_control) != LDB_SUCCESS) { - ldb_transaction_cancel(ldb); - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - /* modify the samdb record */ - ret = dsdb_replace(ldb, msg, 0); - if (ret != LDB_SUCCESS) { - DEBUG(0,("Failed to modify account record %s to set userAccountControl: %s\n", - ldb_dn_get_linearized(msg->dn), - ldb_errstring(ldb))); - ldb_transaction_cancel(ldb); - talloc_free(tmp_ctx); - - /* we really need samdb.c to return NTSTATUS */ - return NT_STATUS_UNSUCCESSFUL; - } - ret = ldb_transaction_commit(ldb); if (ret != LDB_SUCCESS) { DEBUG(0,("Failed to commit transaction to add and modify account record %s: %s\n", -- 2.11.4.GIT