s4:dsdb/descriptor: pass object_list to create_security_descriptor()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit a97b5f219678e409a851d9caf8317a6ef130c12f)

1 files changed, 13 insertions, 2 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 192c745e254..fb100f76283 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -249,9 +249,15 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
 	struct dom_sid *default_owner;
 	struct dom_sid *default_group;
 	struct security_descriptor *default_descriptor = NULL;
+	struct GUID *object_list = NULL;
 
 	if (objectclass != NULL) {
 		default_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
+		object_list = talloc_zero_array(mem_ctx, struct GUID, 2);
+		if (object_list == NULL) {
+			return NULL;
+		}
+		object_list[0] = objectclass->schemaIDGUID;
 	}
 
 	if (object) {
@@ -370,8 +376,13 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
 	default_owner = get_default_ag(mem_ctx, dn,
 				       session_info->security_token, ldb);
 	default_group = get_default_group(mem_ctx, ldb, default_owner);
-	new_sd = create_security_descriptor(mem_ctx, parent_descriptor, user_descriptor, true,
-					    NULL, SEC_DACL_AUTO_INHERIT|SEC_SACL_AUTO_INHERIT,
+	new_sd = create_security_descriptor(mem_ctx,
+					    parent_descriptor,
+					    user_descriptor,
+					    true,
+					    object_list,
+					    SEC_DACL_AUTO_INHERIT |
+					    SEC_SACL_AUTO_INHERIT,
 					    session_info->security_token,
 					    default_owner, default_group,
 					    map_generic_rights_ds);