summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-11-22 15:53:14 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:20 +0100
commit7a3e4d04c7e06379eddacb4f025a3c48a0a754a4 (patch)
tree4eaaa457354caf4680878c74dc3b224199641cf1 /source4/dsdb
parentc2c715f9c9e0d465857ad118d632493131a5f9c5 (diff)
downloadsamba-7a3e4d04c7e06379eddacb4f025a3c48a0a754a4.tar.gz
samba-7a3e4d04c7e06379eddacb4f025a3c48a0a754a4.tar.bz2
samba-7a3e4d04c7e06379eddacb4f025a3c48a0a754a4.zip
s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index fd08d49cdf..73acc2f7a7 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -236,6 +236,11 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
char *sddl_sd;
struct dom_sid *default_owner;
struct dom_sid *default_group;
+ struct security_descriptor *default_descriptor = NULL;
+
+ if (objectclass != NULL) {
+ default_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
+ }
if (object) {
user_descriptor = talloc(mem_ctx, struct security_descriptor);
@@ -251,7 +256,7 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
return NULL;
}
} else {
- user_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
+ user_descriptor = default_descriptor;
}
if (old_sd) {
@@ -284,6 +289,28 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
}
}
+ if (user_descriptor && default_descriptor &&
+ (user_descriptor->dacl == NULL))
+ {
+ user_descriptor->dacl = default_descriptor->dacl;
+ user_descriptor->type |= default_descriptor->type & (
+ SEC_DESC_DACL_PRESENT |
+ SEC_DESC_DACL_DEFAULTED|SEC_DESC_DACL_AUTO_INHERIT_REQ |
+ SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_PROTECTED |
+ SEC_DESC_DACL_TRUSTED);
+ }
+
+ if (user_descriptor && default_descriptor &&
+ (user_descriptor->sacl == NULL))
+ {
+ user_descriptor->sacl = default_descriptor->sacl;
+ user_descriptor->type |= default_descriptor->type & (
+ SEC_DESC_SACL_PRESENT |
+ SEC_DESC_SACL_DEFAULTED|SEC_DESC_SACL_AUTO_INHERIT_REQ |
+ SEC_DESC_SACL_AUTO_INHERITED|SEC_DESC_SACL_PROTECTED |
+ SEC_DESC_SERVER_SECURITY);
+ }
+
default_owner = get_default_ag(mem_ctx, dn,
session_info->security_token, ldb);
default_group = get_default_group(mem_ctx, ldb, default_owner);