s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb

w2k8-r2 gives a "schema mismatch" error if the revision is not set to REVISION_ADS and you replicate the ntsecuritydescriptor using DRS. Nadya, please check this! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
author: Andrew Tridgell <tridge@samba.org> 2010-01-02 16:53:20 +1100
committer: Andrew Tridgell <tridge@samba.org> 2010-01-02 17:28:36 +1100
commit: 504754856eed363dde28cdff821c086754deb7f8 (patch)
tree: ab3a9b146fda076e0efcb2d8b0e5d394a3cade7c /source4/dsdb/samdb/ldb_modules
parent: e809b721e9d1a750c3c1bf48882532714af69e5f (diff)
download: samba-504754856eed363dde28cdff821c086754deb7f8.tar.gz
samba-504754856eed363dde28cdff821c086754deb7f8.tar.bz2
samba-504754856eed363dde28cdff821c086754deb7f8.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index d5a5e36e0e..f07743c4a2 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -285,6 +285,14 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
 	if (!final_sd) {
 		return NULL;
 	}
+
+	if (final_sd->dacl) {
+		final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+	if (final_sd->sacl) {
+		final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
+	}
+
 	sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid);
 	DEBUG(10, ("Object %s created with desriptor %s\n\n", ldb_dn_get_linearized(dn), sddl_sd));
author	Andrew Tridgell <tridge@samba.org>	2010-01-02 16:53:20 +1100
committer	Andrew Tridgell <tridge@samba.org>	2010-01-02 17:28:36 +1100
commit	504754856eed363dde28cdff821c086754deb7f8 (patch)
tree	ab3a9b146fda076e0efcb2d8b0e5d394a3cade7c /source4/dsdb/samdb/ldb_modules
parent	e809b721e9d1a750c3c1bf48882532714af69e5f (diff)
download	samba-504754856eed363dde28cdff821c086754deb7f8.tar.gz samba-504754856eed363dde28cdff821c086754deb7f8.tar.bz2 samba-504754856eed363dde28cdff821c086754deb7f8.zip