summaryrefslogtreecommitdiff
path: root/source4/lib
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-08-04 16:07:18 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-08-04 16:10:39 +1000
commitd7b39a353ab757d7f7914d08226114fc275032e8 (patch)
treea539c48676ee9932fe7e42228142aeaf0dcd856e /source4/lib
parent9b02d2391443c3c56d607d034d9d200703aa840b (diff)
downloadsamba-d7b39a353ab757d7f7914d08226114fc275032e8.tar.gz
samba-d7b39a353ab757d7f7914d08226114fc275032e8.tar.bz2
samba-d7b39a353ab757d7f7914d08226114fc275032e8.zip
s4:ldif_handlers Allow a binary nTsecurityDescriptor when parsing LDIF
Also allow a SDDL security descriptor, using the domain SID attached to the session (it will search for it during the LDIF parse if need be). Andrew Bartlett
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/ldb-samba/ldif_handlers.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index d2f26e7510..606d4df761 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -314,18 +314,34 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx
const struct ldb_val *in, struct ldb_val *out)
{
struct security_descriptor *sd;
+
enum ndr_err_code ndr_err;
- sd = sddl_decode(mem_ctx, (const char *)in->data, NULL);
+ sd = talloc(mem_ctx, struct security_descriptor);
if (sd == NULL) {
return -1;
}
+
+ ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd,
+ (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ /* If this does not parse, then it is probably SDDL, and we should try it that way */
+
+ struct dom_sid *sid = samdb_domain_sid(ldb);
+ talloc_free(sd);
+ sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
+ if (sd == NULL) {
+ return -1;
+ }
+ }
+
ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sd,
(ndr_push_flags_fn_t)ndr_push_security_descriptor);
talloc_free(sd);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return -1;
}
+
return 0;
}