
s4:samldb LDB module - check if the RODC group exists if creating an RODC

Older AD deployments simply don't have it and hence there is no RODC
support.

Reviewed-by: abartlet

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
Matthias Dieter Wallnöfer 2011-05-24 22:05:46 +02:00
parent 08f5ed8b4f
commit ff47927fb9


@ -790,6 +790,8 @@ static int samldb_schema_info_update(struct samldb_ctx *ac)
return LDB_SUCCESS;
}
static int samldb_prim_group_tester(struct samldb_ctx *ac, uint32_t rid);
/*
* "Objectclass" trigger (MS-SAMR 3.1.1.8.1)
*
@ -946,6 +948,18 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
/* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */
if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
uint32_t rid = ds_uf2prim_group_rid(user_account_control);
/*
* Older AD deployments don't know about the
* RODC group
*/
if (rid == DOMAIN_RID_READONLY_DCS) {
ret = samldb_prim_group_tester(ac, rid);
if (ret != LDB_SUCCESS) {
return ret;
}
}
ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
"primaryGroupID", rid);
if (ret != LDB_SUCCESS) {
@ -1028,26 +1042,14 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
* ac->msg contains the "add"/"modify" message
*/
static int samldb_prim_group_set(struct samldb_ctx *ac)
static int samldb_prim_group_tester(struct samldb_ctx *ac, uint32_t rid)
{
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
uint32_t rid;
struct dom_sid *sid;
struct ldb_result *res;
int ret;
const char *noattrs[] = { NULL };
rid = ldb_msg_find_attr_as_uint(ac->msg, "primaryGroupID", (uint32_t) -1);
if (rid == (uint32_t) -1) {
/* we aren't affected of any primary group set */
return LDB_SUCCESS;
} else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
ldb_set_errstring(ldb,
"The primary group isn't settable on add operations!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
if (sid == NULL) {
return ldb_operr(ldb);
@ -1073,6 +1075,25 @@ static int samldb_prim_group_set(struct samldb_ctx *ac)
return LDB_SUCCESS;
}
static int samldb_prim_group_set(struct samldb_ctx *ac)
{
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
uint32_t rid;
rid = ldb_msg_find_attr_as_uint(ac->msg, "primaryGroupID", (uint32_t) -1);
if (rid == (uint32_t) -1) {
/* we aren't affected of any primary group set */
return LDB_SUCCESS;
} else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
ldb_set_errstring(ldb,
"The primary group isn't settable on add operations!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
return samldb_prim_group_tester(ac, rid);
}
static int samldb_prim_group_change(struct samldb_ctx *ac)
{
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
@ -1358,6 +1379,15 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
uint32_t rid = ds_uf2prim_group_rid(user_account_control);
/* Older AD deployments don't know about the RODC group */
if (rid == DOMAIN_RID_READONLY_DCS) {
ret = samldb_prim_group_tester(ac, rid);
if (ret != LDB_SUCCESS) {
return ret;
}
}
ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
"primaryGroupID", rid);
if (ret != LDB_SUCCESS) {
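Review bot: The comment block that now sits directly above `samldb_prim_group_tester` (the `* ac->msg contains the "add"/"modify" message` lines just before the renamed signature) still describes the old `samldb_prim_group_set`, not the new helper, which receives the RID as an explicit parameter and no longer reads `primaryGroupID` from `ac->msg`, while the re-added `samldb_prim_group_set` below it is left with no header at all. Move that text down to `samldb_prim_group_set` and give the tester its own header, e.g. `/* Confirms that a domain group with the given RID exists before it is used as a primaryGroupID; returns LDB_SUCCESS if found, an LDB error otherwise */` — the exact error produced for a missing group is outside the visible hunk, so confirm it before documenting it. It would also be worth stating in that header whether the existence lookup runs with system privileges rather than as the requester; if it inherits the caller's identity, an account that cannot read the group object would be refused for a reason unrelated to the group's absence. The body of samldb_prim_group_tester continues outside the hunk.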