authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-10 11:50:12 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-10 16:22:06 +0200
commit13b1f7a2b33b299208abfbb50fbf1e2b982ca326 (patch)
tree7ce0d250605be0d06779efdca5d9a384199dc62d
parentf95634dbe0b8afbae8b90323ba98ddb69d9dcf6e (diff)
s4:dcesrv_samr_Add/DelGroupMember - remove the account type check
MS-SAMR 3.1.5.8 speaks of accounts, which are not necessarily only users.
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 45d96991e9..3ad3940967 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1948,12 +1948,11 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
return NT_STATUS_NO_MEMORY;
}
- /* In native mode, AD can also nest domain groups. Not sure yet
- * whether this is also available via RPC. */
+ /* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */
ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
- d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
- "(&(objectSid=%s)(objectclass=user))",
- ldap_encode_ndr_dom_sid(mem_ctx, membersid));
+ d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
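Review bot: With the `(objectclass=user)` clause gone, the `(objectSid=%s)` filter in dcesrv_samr_AddGroupMember also resolves group and computer objects, so a RID naming the target group itself would now be found and handed to the member-add step. Nothing in the visible lines rejects that case, and whether a later check or an ldb module does cannot be seen here, because the function body continues past the hunk. If nothing does, the matched object's DN should be compared with the group's DN before the modify. Either way the new comment could record the decision, for example `/* MS-SAMR 3.1.5.8.2: any account type is accepted, groups included; self-membership is rejected in <place to be named> */`.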
@@ -2050,15 +2049,15 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call
d_state = a_state->domain_state;
membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
- if (membersid == NULL)
+ if (membersid == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
- /* In native mode, AD can also nest domain groups. Not sure yet
- * whether this is also available via RPC. */
+ /* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */
ret = ldb_search(d_state->sam_ctx, mem_ctx, &res,
- d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
- "(&(objectSid=%s)(objectclass=user))",
- ldap_encode_ndr_dom_sid(mem_ctx, membersid));
+ d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs,
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, membersid));
if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
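Review bot: The result of `ldap_encode_ndr_dom_sid(mem_ctx, membersid)` is still passed straight into the `%s` of the search filter, although the `membersid == NULL` check just above it was tidied with braces. If the encoder returns NULL on allocation failure, the filter is formatted from a null pointer; the lookup would then presumably fail as "not found" or as a database error rather than as out-of-memory. Storing the string in a new local first would close this, e.g. `sidstr = ldap_encode_ndr_dom_sid(mem_ctx, membersid);` followed by `if (sidstr == NULL) { return NT_STATUS_NO_MEMORY; }`. The same unchecked call appears in the dcesrv_samr_AddGroupMember hunk, and both functions continue outside their hunks.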