diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-10 11:50:12 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-10 16:22:06 +0200 |
commit | 13b1f7a2b33b299208abfbb50fbf1e2b982ca326 (patch) | |
tree | 7ce0d250605be0d06779efdca5d9a384199dc62d | |
parent | f95634dbe0b8afbae8b90323ba98ddb69d9dcf6e (diff) | |
download | samba-13b1f7a2b33b299208abfbb50fbf1e2b982ca326.tar.gz samba-13b1f7a2b33b299208abfbb50fbf1e2b982ca326.tar.bz2 samba-13b1f7a2b33b299208abfbb50fbf1e2b982ca326.zip |
s4:dcesrv_samr_Add/DelGroupMember - remove the account type check
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users.
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 45d96991e9..3ad3940967 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1948,12 +1948,11 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T return NT_STATUS_NO_MEMORY; } - /* In native mode, AD can also nest domain groups. Not sure yet - * whether this is also available via RPC. */ + /* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */ ret = ldb_search(d_state->sam_ctx, mem_ctx, &res, - d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, - "(&(objectSid=%s)(objectclass=user))", - ldap_encode_ndr_dom_sid(mem_ctx, membersid)); + d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, membersid)); if (ret != LDB_SUCCESS) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2050,15 +2049,15 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call d_state = a_state->domain_state; membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid); - if (membersid == NULL) + if (membersid == NULL) { return NT_STATUS_NO_MEMORY; + } - /* In native mode, AD can also nest domain groups. Not sure yet - * whether this is also available via RPC. */ + /* according to MS-SAMR 3.1.5.8.2 all type of accounts are accepted */ ret = ldb_search(d_state->sam_ctx, mem_ctx, &res, - d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, - "(&(objectSid=%s)(objectclass=user))", - ldap_encode_ndr_dom_sid(mem_ctx, membersid)); + d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, + "(objectSid=%s)", + ldap_encode_ndr_dom_sid(mem_ctx, membersid)); if (ret != LDB_SUCCESS) { return NT_STATUS_INTERNAL_DB_CORRUPTION; |