Changeset 11457 for trunk

Timestamp:

09/29/08 18:01:14 (3 months ago)

Author:

juruen@…

Message:

+ Bugfix. Check and correct if there is a user or group with a wrong SID.
It's possible to run into that scenarion depending when the user/group is
created

Location:

trunk/client/samba

Files:

• ChangeLog (modified) (1 diff)
• configure.ac (modified) (1 diff)
• src/EBox/Samba.pm (modified) (1 diff)
• src/EBox/SambaLdapUser.pm (modified) (2 diffs)

trunk/client/samba/ChangeLog

@@ +1 @@
+0.12.4
+        + Bugfix. Check and correct if there is a user or group with a wrong SID.
+        It's possible to run into that scenarion depending when the user/group is
+        created
 0.12.3
         + Add configuration variable to enable/disable quota support

trunk/client/samba/configure.ac

@@ -1 @@
-AC_INIT([EBox-samba], [0.12.3])
+AC_INIT([EBox-samba], [0.12.4])
 
 AC_CONFIG_AUX_DIR([config])

trunk/client/samba/src/EBox/Samba.pm

@@ -364 +364 @@
     $smbimpl->setSambaDomainName($self->workgroup) ;
     $smbimpl->updateNetbiosName($self->netbios);
+    $smbimpl->updateSIDEntries();
 
     my @array = ();

trunk/client/samba/src/EBox/SambaLdapUser.pm

@@ -952 +952 @@
                         base => "dc=ebox", 
                         filter => "(objectclass=sambaDomain)", 
+                        
                         scope => "sub"
                     ); 
@@ -1161 +1162 @@
 }
 
+# Method: updateSIDEntries
+#       
+#               Check and correct if there's any user or group with a wrong SID. Note
+#               that depending on when the user/group is created the SID might change.
+#               This method should be run in regenConfig
+#
+#       
+sub updateSIDEntries
+{
+        my ($self) = @_;
+
+        my $users = EBox::Global->modInstance('users');
+        my $ldap = $self->{'ldap'};
+        my $userDN = $users->usersDn();
+        my $sid = uc(getSID());
+        $sid = uc($sid);
+
+        my %attrs = (
+                        base   => $userDN,
+                        filter => "(&(objectclass=sambaSamAccount)(!(sambaSID=$sid*)))",
+                        attrs  => ['sambaSID', 'sambaPrimaryGroupSID', 'dn'],
+                        scope  => 'sub'
+                        );
+
+        my $result = $ldap->search(\%attrs);
+
+        for my $entry ($result->entries()) {
+                my $oldSID = $entry->get_value('sambaSID');
+                my $oldGroupSID = $entry->get_value('sambaPrimaryGroupSID');
+                my ($lastNumbers) = $oldSID =~ /.*-(\d+)$/;
+                my $newSID = "$sid-$lastNumbers";
+                my ($lastNumbersGroup) = $oldGroupSID =~ /.*-(\d+)$/;
+                my $newGroupSID = "$sid-$lastNumbersGroup";
+                $ldap->modifyAttribute($entry->dn(), 'sambaSID', $newSID);
+                $ldap->modifyAttribute($entry->dn(), 
+                                'sambaPrimaryGroupSID', 
+                                $newGroupSID);
+        }
+
+        my $groupDN = $users->groupsDn();
+        %attrs = (
+                        base   => $groupDN,
+                        filter => "(&(objectclass=sambaGroupMapping)(!(sambaSID=$sid*)))",
+                        attrs  => ['sambaSID'],
+                        scope  => 'sub'
+                        );
+
+        $result = $ldap->search(\%attrs);
+
+        for my $entry ($result->entries()) {
+                my $oldSID = $entry->get_value('sambaSID');
+                my ($lastNumbers) = $oldSID =~ /.*-(\d+)$/;
+                my $newSID = "$sid-$lastNumbers";
+                $ldap->modifyAttribute($entry->dn(), 'sambaSID', $newSID);
+        }
+}
+
+
 sub _isSambaObject($$$) {
         my $self = shift;