authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-04-13 09:18:33 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-04-13 09:32:34 +0200
commita894d6cc37c3799d478720f4340fcef57a5d0b4b (patch)
treefa8e3a2aa9e938e846ae02277247b45cc0b69330 /source4/dsdb/samdb/ldb_modules/descriptor.c
parent0dffa9caec8925a081e951579dd696810fc9e857 (diff)
s4:acl/descriptor LDB module - distinguish between root and default basedn
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same, but this need not be the case. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/descriptor.c')
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index efd331b054..cdfab3c354 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -64,6 +64,7 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct ldb_dn *root_base_dn = ldb_get_root_basedn(ldb);
+ struct ldb_dn *default_base_dn = ldb_get_default_basedn(ldb);
struct ldb_dn *schema_base_dn = ldb_get_schema_basedn(ldb);
struct ldb_dn *config_base_dn = ldb_get_config_basedn(ldb);
const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
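Review bot: `default_base_dn` is initialised in this hunk but nothing in the visible lines reads it, and the next hunk adds only a FIXME, so the selection of `dag_sid` presumably still keys on `root_base_dn` alone. Because this function picks the SID handed back for a new descriptor, a domain DN that differs from the forest DN would likely fall into the wrong branch, so the FIXME should name the branch that has to change, e.g. `/* FIXME: the domain-NC branch must compare against default_base_dn, not root_base_dn */`. Until that branch exists, the unused local will also trigger an unused-variable warning on builds that enable it. The body of get_default_ag continues outside both hunks, so the remaining branches are not visible here.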
@@ -72,6 +73,9 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
struct dom_sid *sa_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_SCHEMA_ADMINS);
struct dom_sid *dag_sid;
+ /* FIXME: this has to be fixed regarding the forest DN (root DN) and
+ * the domain DN (default DN) - they aren't always the same. */
+
if (ldb_dn_compare_base(schema_base_dn, dn) == 0){
if (security_token_has_sid(token, sa_sid))
dag_sid = dom_sid_dup(mem_ctx, sa_sid);
@@ -697,8 +701,10 @@ static int descriptor_do_add(struct descriptor_context *ac)
ac->sd_val = talloc_memdup(ac, &sd_element->values[0], sizeof(struct ldb_val));
}
/* NC's have no parent */
+ /* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(msg->dn, (ldb_get_default_basedn(ldb))) == 0) ||
(ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
ac->parentsd_val = NULL;
} else if (ac->search_res != NULL) {
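Review bot: The naming-context test is still a hard-coded list of four base DNs, so a partition head outside that list would reach the `else if (ac->search_res != NULL)` branch and be handled as an ordinary child object. Whether a descriptor gets a parent to inherit from is decided here, so the FIXME should state the intended source of truth rather than just "dynamic", for example `/* FIXME: build the NC list from the rootDSE namingContexts instead of hard-coding it */`. The four getters are also re-evaluated on every add; a small helper such as `is_nc_root(ldb, msg->dn)` would keep this condition readable once more partitions are added. descriptor_do_add starts and ends outside the hunk, so what the later branches do with `parentsd_val` cannot be confirmed from here.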