authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 17:02:45 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 21:30:28 +0200
commit89c7859006a47d646762f8f3e2256f72d6133c70 (patch)
tree36412c5a04c5cb3837166f8a4942681d1598088e
parentf824e459f0c7971e86ff214bdfe84ce93dba14aa (diff)
s4:descriptor LDB module - remove the "forest DN" check
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs, and on those DCs it is the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains, then they never contain data of the forest domain besides the schema and the configuration partition (which are checked anyway), since a DC can only ever contain one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index d96e18e15f..f32383ed72 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -63,7 +63,7 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb)
{
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- struct ldb_dn *root_base_dn = ldb_get_root_basedn(ldb);
+ struct ldb_dn *default_base_dn = ldb_get_default_basedn(ldb);
struct ldb_dn *schema_base_dn = ldb_get_schema_basedn(ldb);
struct ldb_dn *config_base_dn = ldb_get_config_basedn(ldb);
const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
@@ -93,7 +93,7 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
else
dag_sid = NULL;
}
- else if (ldb_dn_compare_base(root_base_dn, dn) == 0){
+ else if (ldb_dn_compare_base(default_base_dn, dn) == 0){
if (security_token_has_sid(token, da_sid))
dag_sid = dom_sid_dup(mem_ctx, da_sid);
else if (security_token_has_sid(token, ea_sid))
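Review bot: The `else if (ldb_dn_compare_base(default_base_dn, dn) == 0)` branch only gives the right answer because of its position in the chain, and nothing in the code records that. On a forest-root DC the schema and configuration partitions sit below the default base DN, so this test matches them as well; it is correct only while the earlier branches (outside this hunk, presumably the schema and configuration checks) run first. The SID chosen here appears to become the default owner/group of a new object, so a reordering would silently change who owns it. I would add a comment such as `/* must stay after the schema/config checks: those NCs are below the default base DN on the forest root */`. The body of get_default_ag starts and ends outside the hunk.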
@@ -705,8 +705,7 @@ static int descriptor_do_add(struct descriptor_context *ac)
/* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_default_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
+ (ldb_dn_compare(msg->dn, (ldb_get_default_basedn(ldb))) == 0)) {
ac->parentsd_val = NULL;
} else if (ac->search_res != NULL) {
struct ldb_message_element *parent_element = ldb_msg_find_element(ac->search_res->message, "nTSecurityDescriptor");
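Review bot: The condition that sets `ac->parentsd_val = NULL` is a hard-coded list of naming-context heads, and the `FIXME` above it does not record the assumption this commit relies on. After the change, a DN equal to the root base DN but different from the default base DN is treated like any ordinary object and goes through the `ac->search_res` parent lookup; the commit description argues such a DC never hosts that partition, but the code no longer says why. I would extend the comment to something like `/* NC heads have no parent SD to inherit; a DC hosts one domain NC, so only schema, config and the default base DN are checked */`. Any partition head not covered by the three comparisons also falls through to parent inheritance, so it is worth confirming how the branches after this hunk handle a missing parent, since that decides the ACL the new object receives. descriptor_do_add continues outside the hunk.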