From d7b39a353ab757d7f7914d08226114fc275032e8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 4 Aug 2009 16:07:18 +1000 Subject: s4:ldif_handlers Allow a binary nTsecurityDescriptor when parsing LDIF Also allow a SDDL security descriptor, using the domain SID attached to the session (it will search for it during the LDIF parse if need be). Andrew Bartlett --- source4/lib/ldb-samba/ldif_handlers.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index d2f26e7510..606d4df761 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -314,18 +314,34 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx const struct ldb_val *in, struct ldb_val *out) { struct security_descriptor *sd; + enum ndr_err_code ndr_err; - sd = sddl_decode(mem_ctx, (const char *)in->data, NULL); + sd = talloc(mem_ctx, struct security_descriptor); if (sd == NULL) { return -1; } + + ndr_err = ndr_pull_struct_blob(in, sd, NULL, sd, + (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + /* If this does not parse, then it is probably SDDL, and we should try it that way */ + + struct dom_sid *sid = samdb_domain_sid(ldb); + talloc_free(sd); + sd = sddl_decode(mem_ctx, (const char *)in->data, sid); + if (sd == NULL) { + return -1; + } + } + ndr_err = ndr_push_struct_blob(out, mem_ctx, NULL, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor); talloc_free(sd); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return -1; } + return 0; } -- cgit