summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-09-25 15:14:43 -0700
committerAndrew Tridgell <tridge@samba.org>2009-09-28 10:24:13 +1000
commitd1876203248877755347d38a3bc27de506638a7f (patch)
tree1b0da658e4d2bc2e044b1e922cee827847f96b3e
parentc82a816f4b8e375f8a93fa81194a47b327747c7f (diff)
downloadsamba-d1876203248877755347d38a3bc27de506638a7f.tar.gz
samba-d1876203248877755347d38a3bc27de506638a7f.tar.bz2
samba-d1876203248877755347d38a3bc27de506638a7f.zip
s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical
We may also need to remove the isCriticalSystemObject when the machine is demoted
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 8f51dc7699..e59b5dd1ce 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2005,6 +2005,16 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
}
el2 = ldb_msg_find_element(msg, "sAMAccountType");
el2->flags = LDB_FLAG_MOD_REPLACE;
+
+ if (user_account_control & UF_SERVER_TRUST_ACCOUNT) {
+ ret = samdb_msg_add_string(ldb, msg, msg,
+ "isCriticalSystemObject", "TRUE");
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el2 = ldb_msg_find_element(msg, "isCriticalSystemObject");
+ el2->flags = LDB_FLAG_MOD_REPLACE;
+ }
}
el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");