
s4:samldb LDB module - fix "isCriticalSystemObject" behaviour

Tests against Windows Server show that it gets set to "FALSE" (not
deleted) if we change the account type to a domain member.

Reviewed-by: abartlet
Matthias Dieter Wallnöfer 2011-05-23 11:46:39 +02:00
parent c72d32da6d
commit 0c753e503c


@ -911,11 +911,20 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
el2 = ldb_msg_find_element(ac->msg, "sAMAccountType");
el2->flags = LDB_FLAG_MOD_REPLACE;
/* "isCriticalSystemObject" might be set */
if (user_account_control &
(UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) {
ret = samdb_msg_set_string(ldb, ac->msg, ac->msg,
"isCriticalSystemObject",
"TRUE");
ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject",
"TRUE");
if (ret != LDB_SUCCESS) {
return ret;
}
el2 = ldb_msg_find_element(ac->msg,
"isCriticalSystemObject");
el2->flags = LDB_FLAG_MOD_REPLACE;
} else if (user_account_control & UF_WORKSTATION_TRUST_ACCOUNT) {
ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject",
"FALSE");
if (ret != LDB_SUCCESS) {
return ret;
}
@ -1298,6 +1307,7 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
el = ldb_msg_find_element(ac->msg, "sAMAccountType");
el->flags = LDB_FLAG_MOD_REPLACE;
/* "isCriticalSystemObject" might be set/changed */
if (user_account_control
& (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) {
ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject",
@ -1308,6 +1318,15 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
el = ldb_msg_find_element(ac->msg,
"isCriticalSystemObject");
el->flags = LDB_FLAG_MOD_REPLACE;
} else if (user_account_control & UF_WORKSTATION_TRUST_ACCOUNT) {
ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject",
"FALSE");
if (ret != LDB_SUCCESS) {
return ret;
}
el = ldb_msg_find_element(ac->msg,
"isCriticalSystemObject");
el->flags = LDB_FLAG_MOD_REPLACE;
}
if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
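Review bot: The derived "isCriticalSystemObject" value is added with `ldb_msg_add_string()` and then located again by attribute name to set `LDB_FLAG_MOD_REPLACE`, so in both `samldb_objectclass_trigger` and `samldb_user_account_control_change` the outcome depends on whether the request message already carries that attribute. If a client supplies its own "isCriticalSystemObject" in the same request, the by-name lookup may hit the client's element, or the derived value may end up alongside the client's; this depends on ldb behaviour not visible in these hunks, so it should be confirmed with a test. Because the attribute is meant to follow from userAccountControl rather than from caller input, consider dropping any caller-supplied copy before the add, e.g. `ldb_msg_remove_attr(ac->msg, "isCriticalSystemObject");`. The add / check / find / set-flags sequence is also repeated per branch in both functions, as far as the hunks show; a small static helper taking the "TRUE"/"FALSE" string would keep the copies from drifting and give one place for a NULL check on the `ldb_msg_find_element()` result. Both functions start and end outside the visible hunks.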