authorStefan Metzmacher <metze@samba.org>2012-11-16 12:49:16 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:21 +0100
commitfb2a41d9453d94860104b7b96a75bf8fa96996d6 (patch)
tree8e8c75ee5a854cffa4fcca50b6057d4f5572b25c
parentf8c0ad65ad783b3c82ec8ab120d18ad454fe2665 (diff)
s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 36a64d06e6..18caa38103 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -644,13 +644,13 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
"instanceType",
"objectClass", NULL };
struct ldb_control *sd_propagation_control;
+ int cmp_ret = -1;
/* do not manipulate our control entries */
if (ldb_dn_is_special(dn)) {
return ldb_next_request(module, req);
}
-
sd_propagation_control = ldb_request_get_control(req,
DSDB_CONTROL_SEC_DESC_PROPAGATION_OID);
if (sd_propagation_control != NULL) {
@@ -774,9 +774,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
if (msg == NULL) {
return ldb_oom(ldb);
}
+ cmp_ret = data_blob_cmp(old_sd, sd);
if (sd_propagation_control != NULL) {
- ret = data_blob_cmp(old_sd, sd);
- if (ret == 0) {
+ if (cmp_ret == 0) {
/*
* The nTSecurityDescriptor is unchanged,
* which means we can stop the processing.
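Review bot: `cmp_ret = data_blob_cmp(old_sd, sd);` now runs on every modify rather than only when the propagation control is present, so both pointers have to be valid on the ordinary path as well. `old_sd` and `sd` are assigned outside this hunk; if either can be NULL there (for instance an object with no stored nTSecurityDescriptor), the comparison would dereference it. Either confirm that an earlier check rules this out, or guard the call with `if (old_sd != NULL && sd != NULL)` and let the initial `-1` stand for "changed", which errs towards scheduling propagation.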
@@ -800,6 +800,20 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
if (ret != LDB_SUCCESS) {
return ldb_oom(ldb);
}
+ } else if (cmp_ret != 0) {
+ struct ldb_dn *nc_root;
+
+ ret = dsdb_find_nc_root(ldb, msg, dn, &nc_root);
+ if (ret != LDB_SUCCESS) {
+ return ldb_oom(ldb);
+ }
+
+ ret = dsdb_module_schedule_sd_propagation(module, nc_root,
+ dn, false);
+ if (ret != LDB_SUCCESS) {
+ return ldb_operr(ldb);
+ }
+ sd_element->values[0] = *sd;
} else {
sd_element->values[0] = *sd;
}
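Review bot: In the new `else if (cmp_ret != 0)` branch, a failure of `dsdb_find_nc_root` is reported as out-of-memory through `return ldb_oom(ldb);`, which hides the real cause if the lookup can fail for other reasons (its implementation is not visible here). `return ldb_operr(ldb);`, as used for the scheduling call just below, or passing `ret` through would be more accurate. The branch also repeats `sd_element->values[0] = *sd;` from the final `else`; merging the two would make it obvious that only the scheduling is conditional. A short comment would help the next reader, e.g. `/* SD changed by a normal modify: schedule propagation so children re-inherit their ACEs */`. The enclosing function continues outside the hunk.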