diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-16 13:12:02 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-16 15:25:13 +0100 |
commit | cebad70ee6d8fb3e2f3d306d98fb88a4c8526f28 (patch) | |
tree | 95197c7c2b0ec50c16e48b7ffb6504ff03e4b462 /source4/dsdb/samdb | |
parent | 7cc2f9803801dcae0a4780f46cd2b642fac1b1cf (diff) | |
download | samba-cebad70ee6d8fb3e2f3d306d98fb88a4c8526f28.tar.gz samba-cebad70ee6d8fb3e2f3d306d98fb88a4c8526f28.tar.bz2 samba-cebad70ee6d8fb3e2f3d306d98fb88a4c8526f28.zip |
s4:descriptor LDB module - handle the NCs in a more generic way by using "dsdb_find_nc_root"
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index c0f2527e4c..d973e86a5b 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -692,16 +692,28 @@ static int descriptor_do_add(struct descriptor_context *ac) sizeof(struct ldb_val)); } - /* NC's have no parent */ - /* FIXME: this has to be made dynamic at some point */ - if ((ldb_dn_compare(ac->msg->dn, (ldb_get_schema_basedn(ldb))) == 0) || - (ldb_dn_compare(ac->msg->dn, (ldb_get_config_basedn(ldb))) == 0) || - (ldb_dn_compare(ac->msg->dn, (ldb_get_default_basedn(ldb))) == 0)) { - ac->parentsd_val = NULL; - } else if (ac->search_res != NULL) { - struct ldb_message_element *parent_element = ldb_msg_find_element(ac->search_res->message, "nTSecurityDescriptor"); - if (parent_element) { - ac->parentsd_val = talloc_memdup(ac, &parent_element->values[0], sizeof(struct ldb_val)); + /* If we do have a parent, then please fetch it's security descriptor. + * But have in mind: NCs don't have any parents! That means + * "CN=Configuration,DC=example,DC=com" has no parent + * "DC=example,DC=com" since this is located under another NC! */ + if (ac->search_res != NULL) { + struct ldb_message_element *parent_element = NULL; + struct ldb_dn *nc_root; + + ret = dsdb_find_nc_root(ldb, ac, ac->msg->dn, &nc_root); + if (ret != LDB_SUCCESS) { + return ret; + } + + if (ldb_dn_compare(ac->msg->dn, nc_root) != 0) { + /* we aren't any NC */ + parent_element = ldb_msg_find_element(ac->search_res->message, + "nTSecurityDescriptor"); + if (parent_element != NULL) { + ac->parentsd_val = talloc_memdup(ac, + &parent_element->values[0], + sizeof(struct ldb_val)); + } } } |