summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-01-14 11:37:09 +1100
committerAndrew Tridgell <tridge@samba.org>2011-01-14 16:39:33 +1100
commit15c81078682a9ff67ff8c2f5c25fb4fad3a68616 (patch)
treef9371c109789be183af31855ff3c5c030adfcbb1
parent31d644c7f9a8ac5c142aa08e2338e6b7fa23a54e (diff)
downloadsamba-15c81078682a9ff67ff8c2f5c25fb4fad3a68616.tar.gz
samba-15c81078682a9ff67ff8c2f5c25fb4fad3a68616.tar.bz2
samba-15c81078682a9ff67ff8c2f5c25fb4fad3a68616.zip
s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn()
this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 0bf72473dd..ff61583229 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1404,7 +1404,6 @@ static int samldb_member_check(struct samldb_ctx *ac)
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
struct ldb_message_element *el;
struct ldb_dn *member_dn;
- uint32_t prim_group_rid;
struct dom_sid *sid;
struct ldb_result *res;
struct dom_sid *group_sid;
@@ -1438,6 +1437,9 @@ static int samldb_member_check(struct samldb_ctx *ac)
el = &ac->msg->elements[i];
for (j = 0; j < el->num_values; j++) {
struct ldb_message_element *mo;
+ struct ldb_result *group_res;
+ const char *group_attrs[] = { "primaryGroupID" , NULL };
+ uint32_t prim_group_rid;
member_dn = ldb_dn_from_ldb_val(ac, ldb,
&el->values[j]);
@@ -1479,11 +1481,17 @@ static int samldb_member_check(struct samldb_ctx *ac)
* ones for them - in this case return
* ERR_ENTRY_ALREADY_EXISTS. */
- prim_group_rid = samdb_search_uint(ldb, ac,
- (uint32_t) -1,
- member_dn,
- "primaryGroupID",
- NULL);
+ ret = dsdb_module_search_dn(ac->module, ac, &group_res,
+ member_dn, group_attrs,
+ DSDB_FLAG_NEXT_MODULE);
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ /* member DN doesn't exist yet */
+ continue;
+ }
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ prim_group_rid = ldb_msg_find_attr_as_uint(group_res->msgs[0], "primaryGroupID", (uint32_t)-1);
if (prim_group_rid == (uint32_t) -1) {
/* the member hasn't to be a user account ->
* therefore no check needed in this case. */