From ae61408e2f198ada294a826e375f0f4a1e7da3d6 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 25 Nov 2010 09:33:47 +0100 Subject: s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104 --- source4/rpc_server/lsa/dcesrv_lsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 1b55824bb1..4cb5da224d 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1056,7 +1056,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn); /* create the trusted_domain */ - ret = dsdb_add(sam_ldb, msg, DSDB_FLAG_AS_SYSTEM); + ret = ldb_add(sam_ldb, msg); switch (ret) { case LDB_SUCCESS: break; @@ -2949,7 +2949,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL secret_state->secret_dn = talloc_reference(secret_state, msg->dn); /* create the secret */ - ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_FLAG_AS_SYSTEM); + ret = ldb_add(secret_state->sam_ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(0,("Failed to create secret record %s: %s\n", ldb_dn_get_linearized(msg->dn), -- cgit