summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-06-24 00:33:44 +0200
committerKarolin Seeger <kseeger@samba.org>2009-09-03 08:22:56 +0200
commitd834a29ac59f3634392b0ab1e39a2b5ca0b527d2 (patch)
tree7e22679cf66e9923f254acdb16673cc0f742a776 /source3
parenta8e6233b080c80b4fdcc57f0bfd0e1453253fcbb (diff)
downloadsamba-d834a29ac59f3634392b0ab1e39a2b5ca0b527d2.tar.gz
s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.
Note that this only is tried with editposix=yes. Guenther (cherry picked from commit 272e389ff63d929fc6b06305e00fa042d71dbec0)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/pdb_ldap.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index cf4889bf449..71d40304c9d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5187,6 +5187,18 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
return NT_STATUS_OK;
}
+static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
+ TALLOC_CTX *tmp_ctx,
+ uint32 group_rid,
+ uint32 member_rid);
+
+static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *user,
+ DOM_SID **pp_sids,
+ gid_t **pp_gids,
+ size_t *p_num_groups);
+
static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
@@ -5241,6 +5253,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
+ /* try to remove memberships first */
+ {
+ NTSTATUS status;
+ struct dom_sid *sids = NULL;
+ gid_t *gids = NULL;
+ size_t num_groups = 0;
+ int i;
+ uint32_t user_rid = pdb_get_user_rid(sam_acct);
+
+ status = ldapsam_enum_group_memberships(my_methods,
+ tmp_ctx,
+ sam_acct,
+ &sids,
+ &gids,
+ &num_groups);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto delete_dn;
+ }
+
+ for (i=0; i < num_groups; i++) {
+
+ uint32_t group_rid;
+
+ sid_peek_rid(&sids[i], &group_rid);
+
+ ldapsam_del_groupmem(my_methods,
+ tmp_ctx,
+ group_rid,
+ user_rid);
+ }
+ }
+
+ delete_dn:
+
rc = smbldap_delete(ldap_state->smbldap_state, dn);
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
View Lorry Controller Status