summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-01-02 16:53:20 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-02 17:28:36 +1100
commit504754856eed363dde28cdff821c086754deb7f8 (patch)
treeab3a9b146fda076e0efcb2d8b0e5d394a3cade7c /source4/dsdb
parente809b721e9d1a750c3c1bf48882532714af69e5f (diff)
downloadsamba-504754856eed363dde28cdff821c086754deb7f8.tar.gz
samba-504754856eed363dde28cdff821c086754deb7f8.tar.bz2
samba-504754856eed363dde28cdff821c086754deb7f8.zip
s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
w2k8-r2 gives a "schema mismatch" error if the revision is not set to REVISION_ADS and you replicate the ntsecuritydescriptor using DRS. Nadya, please check this! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index d5a5e36e0e..f07743c4a2 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -285,6 +285,14 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
if (!final_sd) {
return NULL;
}
+
+ if (final_sd->dacl) {
+ final_sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+ }
+ if (final_sd->sacl) {
+ final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
+ }
+
sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid);
DEBUG(10, ("Object %s created with desriptor %s\n\n", ldb_dn_get_linearized(dn), sddl_sd));