summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorKamen Mazdrashki <kamenim@samba.org>2011-02-14 11:35:48 +0200
committerKamen Mazdrashki <kamenim@samba.org>2011-02-14 12:32:22 +0100
commit313489507593c7798d41f8cace48e7cc59228a0d (patch)
treecb7c1c20be458bc1e4d4ca8f6837081d6cf2a3dc /source4/dsdb/samdb
parent73972072d7c02ea8eaadd99be4361d7ee0e04d4a (diff)
downloadsamba-313489507593c7798d41f8cace48e7cc59228a0d.tar.gz
samba-313489507593c7798d41f8cace48e7cc59228a0d.tar.bz2
samba-313489507593c7798d41f8cace48e7cc59228a0d.zip
s4-ldb_modules/acl: Get correct NTDSDSA objectGUID to check SPN for
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 21843ad6e0..af13955771 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -549,8 +549,8 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
const char *samAccountName;
const char *dnsHostName;
const char *netbios_name;
- const struct GUID *ntds = samdb_ntds_objectGUID(ldb);
- const char *ntds_guid = GUID_string(tmp_ctx, ntds);
+ struct GUID ntds;
+ char *ntds_guid = NULL;
static const char *acl_attrs[] = {
"samAccountName",
@@ -562,6 +562,7 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
"nETBIOSName",
NULL
};
+
/* if we have wp, we can do whatever we like */
if (acl_check_access_on_attribute(module,
tmp_ctx,
@@ -619,6 +620,20 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
"Error finding element for servicePrincipalName.");
}
+ /* NTDSDSA objectGuid of object we are checking SPN for */
+ if (userAccountControl & (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) {
+ ret = dsdb_module_find_ntdsguid_for_computer(module, tmp_ctx,
+ req->op.mod.message->dn, &ntds, req);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find NTDSDSA objectGuid for %s: %s",
+ ldb_dn_get_linearized(req->op.mod.message->dn),
+ ldb_strerror(ret));
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ntds_guid = GUID_string(tmp_ctx, &ntds);
+ }
+
for (i=0; i < el->num_values; i++) {
ret = acl_validate_spn_value(tmp_ctx,
ldb,