author | Günther Deschner <gd@samba.org> | 2009-06-24 00:33:44 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-09-03 08:22:56 +0200 |
commit | d834a29ac59f3634392b0ab1e39a2b5ca0b527d2 (patch) | |
tree | 7e22679cf66e9923f254acdb16673cc0f742a776 /source3 | |
parent | a8e6233b080c80b4fdcc57f0bfd0e1453253fcbb (diff) | |
s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.
Note that this only is tried with editposix=yes.
Guenther
(cherry picked from commit 272e389ff63d929fc6b06305e00fa042d71dbec0)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/pdb_ldap.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index cf4889bf449..71d40304c9d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5187,6 +5187,18 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 return NT_STATUS_OK;
 }
 
+static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
+ TALLOC_CTX *tmp_ctx,
+ uint32 group_rid,
+ uint32 member_rid);
+
+static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *user,
+ DOM_SID **pp_sids,
+ gid_t **pp_gids,
+ size_t *p_num_groups);
+
 static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct)
 {
 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
@@ -5241,6 +5253,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *
 return NT_STATUS_NO_MEMORY;
 }
 
+ /* try to remove memberships first */
+ {
+ NTSTATUS status;
+ struct dom_sid *sids = NULL;
+ gid_t *gids = NULL;
+ size_t num_groups = 0;
+ int i;
+ uint32_t user_rid = pdb_get_user_rid(sam_acct);
+
+ status = ldapsam_enum_group_memberships(my_methods,
+ tmp_ctx,
+ sam_acct,
+ &sids,
+ &gids,
+ &num_groups);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto delete_dn;
+ }
+
+ for (i=0; i < num_groups; i++) {
+
+ uint32_t group_rid;
+
+ sid_peek_rid(&sids[i], &group_rid);
+
+ ldapsam_del_groupmem(my_methods,
+ tmp_ctx,
+ group_rid,
+ user_rid);
+ }
+ }
+
+ delete_dn:
+
 rc = smbldap_delete(ldap_state->smbldap_state, dn);
 if (rc != LDAP_SUCCESS) {
 return NT_STATUS_UNSUCCESSFUL; |
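Review bot: In the cleanup loop of the second hunk the result of `sid_peek_rid(&sids[i], &group_rid)` is not checked, so if it fails `group_rid` reaches `ldapsam_del_groupmem()` uninitialised. The status of `ldapsam_del_groupmem()` is also discarded, and a failed enumeration jumps to `delete_dn` without a log line, so the user entry can be deleted while group entries still list it and nothing records that. If memberships are keyed on the account name (not visible in this hunk), a later account that reuses the name could inherit them, so a failed removal should at least be logged. `i` is `int` while `num_groups` is `size_t`; declaring `size_t i` avoids the signed/unsigned comparison. `ldapsam_delete_user` starts and ends outside the hunk.

```c
		for (i=0; i < num_groups; i++) {

			uint32_t group_rid;

			/* a SID without a RID cannot name a group to clean up */
			if (!sid_peek_rid(&sids[i], &group_rid)) {
				continue;
			}

			status = ldapsam_del_groupmem(my_methods,
						      tmp_ctx,
						      group_rid,
						      user_rid);
			if (!NT_STATUS_IS_OK(status)) {
				/* best effort: keep going, but leave a trace of the stale membership */
				DEBUG(1, ("ldapsam_delete_user: failed to remove rid %u "
					  "from group rid %u: %s\n",
					  (unsigned int)user_rid,
					  (unsigned int)group_rid,
					  nt_errstr(status)));
			}
		}
```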