diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-01-14 12:10:25 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-01-14 18:29:07 +0100 |
commit | 39eea5ca43ec6704e9d64a9d707adedb094d0aeb (patch) | |
tree | 2b15119ab763d0c95e2711a50bf5011272821115 /source4/dsdb/samdb | |
parent | 109cbe37a2cf819f297b1ebf63f1817579bedf02 (diff) | |
download | samba-39eea5ca43ec6704e9d64a9d707adedb094d0aeb.tar.gz samba-39eea5ca43ec6704e9d64a9d707adedb094d0aeb.tar.bz2 samba-39eea5ca43ec6704e9d64a9d707adedb094d0aeb.zip |
s4:samldb LDB module - fix "userAccountControl" handling
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 5653ba1751..e60f24023d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -800,7 +800,6 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) struct ldb_message_element *el, *el2; enum sid_generator sid_generator; struct dom_sid *sid; - const char *tempstr; int ret; /* make sure that "sAMAccountType" is not specified */ @@ -834,6 +833,8 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) } if (strcmp(ac->type, "user") == 0) { + bool uac_generated = false; + /* Step 1.2: Default values */ ret = samdb_find_or_add_attribute(ldb, ac->msg, "accountExpires", "9223372036854775807"); @@ -863,11 +864,18 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) "pwdLastSet", "0"); if (ret != LDB_SUCCESS) return ret; - tempstr = talloc_asprintf(ac->msg, "%d", UF_NORMAL_ACCOUNT); - if (tempstr == NULL) return ldb_operr(ldb); - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "userAccountControl", tempstr); - if (ret != LDB_SUCCESS) return ret; + /* On add operations we might need to generate a + * "userAccountControl" (if it isn't specified). */ + el = ldb_msg_find_element(ac->msg, "userAccountControl"); + if ((el == NULL) && (ac->req->operation == LDB_ADD)) { + ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg, + "userAccountControl", + UF_NORMAL_ACCOUNT); + if (ret != LDB_SUCCESS) { + return ret; + } + uac_generated = true; + } el = ldb_msg_find_element(ac->msg, "userAccountControl"); if (el != NULL) { @@ -924,8 +932,10 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) } /* Step 1.5: Add additional flags when needed */ - if ((user_account_control & UF_NORMAL_ACCOUNT) && - (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) == NULL)) { + /* Obviously this is done when the "userAccountControl" + * has been generated here (tested against Windows + * Server) */ + if (uac_generated) { user_account_control |= UF_ACCOUNTDISABLE; user_account_control |= UF_PASSWD_NOTREQD; @@ -939,6 +949,8 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) } } else if (strcmp(ac->type, "group") == 0) { + const char *tempstr; + /* Step 2.2: Default values */ tempstr = talloc_asprintf(ac->msg, "%d", GTYPE_SECURITY_GLOBAL_GROUP); |