sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users and

Browse Source 
Computers).

We now generate a security descriptor for each object, when it is
created.  This seems to keep MMC happy.  The next step is to honour
it.

Andrew Bartlett
(This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
This commit is contained in:
Andrew Bartlett 2007-08-07 09:01:08 +00:00 committed by Gerald (Jerry) Carter
parent ae7819d715
commit c4e5fcc349
2 changed files with 51 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
source4/dsdb/samdb/ldb_modules/objectclass.c
View File

@ -35,6 +35,11 @@
#include "ldb/include/ldb_private.h"
#include "dsdb/samdb/samdb.h"
#include "lib/util/dlinklist.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "auth/auth.h"
struct oc_context {
enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD} step;
@ -196,6 +201,39 @@ static int objectclass_sort(struct ldb_module *module,
return LDB_SUCCESS;
}
DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
const struct dsdb_class *objectclass)
{
NTSTATUS status;
DATA_BLOB *linear_sd;
struct auth_session_info *session_info
= ldb_get_opaque(module->ldb, "sessionInfo");
struct security_descriptor *sd = sddl_decode(mem_ctx,
objectclass->defaultSecurityDescriptor,
samdb_domain_sid(module->ldb));
if (!session_info || !session_info->security_token) {
return NULL;
}
sd->owner_sid = session_info->security_token->user_sid;
sd->group_sid = session_info->security_token->group_sid;
linear_sd = talloc(mem_ctx, DATA_BLOB);
if (!linear_sd) {
return NULL;
}
status = ndr_push_struct_blob(linear_sd, mem_ctx, sd,
(ndr_push_flags_fn_t)ndr_push_security_descriptor);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
return linear_sd;
}
static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_message_element *objectclass_element;
@ -266,12 +304,18 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req)
talloc_free(mem_ctx);
return ret;
}
/* Last one */
if (schema && !current->next && !ldb_msg_find_element(msg, "objectCategory")) {
/* Last one is the critical one */
if (schema && !current->next) {
const struct dsdb_class *objectclass
= dsdb_class_by_lDAPDisplayName(schema, current->objectclass);
if (objectclass) {
ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory);
if (!ldb_msg_find_element(msg, "objectCategory")) {
ldb_msg_add_string(msg, "objectCategory", objectclass->defaultObjectCategory);
}
if (!ldb_msg_find_element(msg, "ntSecurityDescriptor")) {
DATA_BLOB *sd = get_sd(module, mem_ctx, objectclass);
ldb_msg_add_steal_value(msg, "ntSecurityDescriptor", sd);
}
}
}
}

6
testprogs/ejs/ldap.js
View File

@ -258,7 +258,7 @@ objectClass: user
assert(res.msgs[0].objectCategory == "cn=Person,cn=Schema,cn=Configuration," + base_dn);
assert(res.msgs[0].sAMAccountType == 805306368);
// assert(res[0].userAccountControl == 546);
println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
var res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
if (res2.error != 0 || res2.msgs.length != 1) {
@ -439,8 +439,9 @@ objectClass: user
// assert(res.msgs[0].userAccountControl == 4098);
var attrs = new Array("cn", "name", "objectClass", "objectGUID", "whenCreated", "ntSecurityDescriptor");
println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))");
var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))", base_dn, ldb.SCOPE_SUBTREE, attrs);
if (res.error != 0 || res.msgs.length != 1) {
println("Could not find (&(cn=ldaptestUSer2)(objectClass=user))");
assert(res.error == 0);
@ -456,6 +457,7 @@ objectClass: user
assert(res.msgs[0].objectClass[3] == "user");
assert(res.msgs[0].objectGUID != undefined);
assert(res.msgs[0].whenCreated != undefined);
assert(res.msgs[0].ntSecurityDescriptor != undefined);
ok = ldb.del(res.msgs[0].dn);
if (ok.error != 0) {