diff options
author | Andrew Tridgell <tridge@samba.org> | 2011-06-22 17:07:39 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-06-22 11:16:26 +0200 |
commit | c42aeb7872c89983ea274d72b7ef8d9c7a59bc08 (patch) | |
tree | 2933cc503ea42ac6d25984459f04f99cd3cdb3bc /source4/dsdb | |
parent | d9ee7aebcb26c6115e0caeacb90f3f916a5af600 (diff) | |
download | samba-c42aeb7872c89983ea274d72b7ef8d9c7a59bc08.tar.gz samba-c42aeb7872c89983ea274d72b7ef8d9c7a59bc08.tar.bz2 samba-c42aeb7872c89983ea274d72b7ef8d9c7a59bc08.zip |
s4-dsdb: prioritise GUID in extended_dn_in
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c index e2bb0de054..9a70d9a3db 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c @@ -315,30 +315,33 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req guid_val = ldb_dn_get_extended_component(dn, "GUID"); wkguid_val = ldb_dn_get_extended_component(dn, "WKGUID"); - if (sid_val) { + /* + prioritise the GUID - we have had instances of + duplicate SIDs in the database in the + ForeignSecurityPrinciples due to provision errors + */ + if (guid_val) { all_partitions = true; base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module)); - base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", - ldb_binary_encode(req, *sid_val)); + base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", + ldb_binary_encode(req, *guid_val)); if (!base_dn_filter) { return ldb_oom(ldb_module_get_ctx(module)); } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = no_attr; - } else if (guid_val) { - + } else if (sid_val) { all_partitions = true; base_dn = ldb_get_default_basedn(ldb_module_get_ctx(module)); - base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", - ldb_binary_encode(req, *guid_val)); + base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", + ldb_binary_encode(req, *sid_val)); if (!base_dn_filter) { return ldb_oom(ldb_module_get_ctx(module)); } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = no_attr; - } else if (wkguid_val) { char *wkguid_dup; char *tail_str; |