summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c82
1 files changed, 41 insertions, 41 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index e616295e3a..2c82445ba8 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1052,47 +1052,6 @@ static int samldb_member_check(struct samldb_ctx *ac)
}
-static int samldb_prim_group_users_check(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- struct dom_sid *sid;
- uint32_t rid;
- NTSTATUS status;
- int count;
-
- ldb = ldb_module_get_ctx(ac->module);
-
- /* Finds out the SID/RID of the SAM object */
- sid = samdb_search_dom_sid(ldb, ac, ac->req->op.del.dn, "objectSID",
- NULL);
- if (sid == NULL) {
- /* No SID - it might not be a SAM object - therefore ok */
- return LDB_SUCCESS;
- }
- status = dom_sid_split_rid(ac, sid, NULL, &rid);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_operr(ldb);
- }
- if (rid == 0) {
- /* Special object (security principal?) */
- return LDB_SUCCESS;
- }
-
- /* Deny delete requests from groups which are primary ones */
- count = samdb_search_count(ldb, NULL,
- "(&(primaryGroupID=%u)(objectClass=user))",
- rid);
- if (count < 0) {
- return ldb_operr(ldb);
- }
- if (count > 0) {
- return LDB_ERR_ENTRY_ALREADY_EXISTS;
- }
-
- return LDB_SUCCESS;
-}
-
-
/* add */
static int samldb_add(struct ldb_module *module, struct ldb_request *req)
{
@@ -1307,6 +1266,47 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
}
/* delete */
+
+static int samldb_prim_group_users_check(struct samldb_ctx *ac)
+{
+ struct ldb_context *ldb;
+ struct dom_sid *sid;
+ uint32_t rid;
+ NTSTATUS status;
+ int count;
+
+ ldb = ldb_module_get_ctx(ac->module);
+
+ /* Finds out the SID/RID of the SAM object */
+ sid = samdb_search_dom_sid(ldb, ac, ac->req->op.del.dn, "objectSID",
+ NULL);
+ if (sid == NULL) {
+ /* No SID - it might not be a SAM object - therefore ok */
+ return LDB_SUCCESS;
+ }
+ status = dom_sid_split_rid(ac, sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ldb_operr(ldb);
+ }
+ if (rid == 0) {
+ /* Special object (security principal?) */
+ return LDB_SUCCESS;
+ }
+
+ /* Deny delete requests from groups which are primary ones */
+ count = samdb_search_count(ldb, NULL,
+ "(&(primaryGroupID=%u)(objectClass=user))",
+ rid);
+ if (count < 0) {
+ return ldb_operr(ldb);
+ }
+ if (count > 0) {
+ return LDB_ERR_ENTRY_ALREADY_EXISTS;
+ }
+
+ return LDB_SUCCESS;
+}
+
static int samldb_delete(struct ldb_module *module, struct ldb_request *req)
{
struct samldb_ctx *ac;