diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-16 12:49:16 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:21 +0100 |
commit | fb2a41d9453d94860104b7b96a75bf8fa96996d6 (patch) | |
tree | 8e8c75ee5a854cffa4fcca50b6057d4f5572b25c | |
parent | f8c0ad65ad783b3c82ec8ab120d18ad454fe2665 (diff) | |
download | samba-fb2a41d9453d94860104b7b96a75bf8fa96996d6.tar.gz samba-fb2a41d9453d94860104b7b96a75bf8fa96996d6.tar.bz2 samba-fb2a41d9453d94860104b7b96a75bf8fa96996d6.zip |
s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 36a64d06e6..18caa38103 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -644,13 +644,13 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) "instanceType", "objectClass", NULL }; struct ldb_control *sd_propagation_control; + int cmp_ret = -1; /* do not manipulate our control entries */ if (ldb_dn_is_special(dn)) { return ldb_next_request(module, req); } - sd_propagation_control = ldb_request_get_control(req, DSDB_CONTROL_SEC_DESC_PROPAGATION_OID); if (sd_propagation_control != NULL) { @@ -774,9 +774,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) if (msg == NULL) { return ldb_oom(ldb); } + cmp_ret = data_blob_cmp(old_sd, sd); if (sd_propagation_control != NULL) { - ret = data_blob_cmp(old_sd, sd); - if (ret == 0) { + if (cmp_ret == 0) { /* * The nTSecurityDescriptor is unchanged, * which means we can stop the processing. @@ -800,6 +800,20 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ldb_oom(ldb); } + } else if (cmp_ret != 0) { + struct ldb_dn *nc_root; + + ret = dsdb_find_nc_root(ldb, msg, dn, &nc_root); + if (ret != LDB_SUCCESS) { + return ldb_oom(ldb); + } + + ret = dsdb_module_schedule_sd_propagation(module, nc_root, + dn, false); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); + } + sd_element->values[0] = *sd; } else { sd_element->values[0] = *sd; } |