diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-08-24 15:33:49 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-11-05 09:33:29 +0100 |
commit | 98db8eb90c25a3f8d748cbb55ff3732fe5eb68b9 (patch) | |
tree | deeb07a6d6d246d7230094c237a64024eff8d895 /source4/dsdb | |
parent | 47745ae56288b836c73516dedb33edc5e324b8dc (diff) | |
download | samba-98db8eb90c25a3f8d748cbb55ff3732fe5eb68b9.tar.gz |
s4:samldb: internally use extended dns while changing the primaryGroupID field
This is important, otherwise we'll loose the <SID=> component of the
linked attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7a36cb30b716d56b84e894851c1a18e9eb3a0964)
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 81d8c96437c..49c63cf1272 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1642,9 +1642,14 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) struct ldb_result *res, *group_res; struct ldb_message_element *el; struct ldb_message *msg; + uint32_t search_flags = + DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN; uint32_t prev_rid, new_rid, uac; struct dom_sid *prev_sid, *new_sid; struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn; + const char *new_prim_group_dn_ext_str = NULL; + struct ldb_dn *user_dn = NULL; + const char *user_dn_ext_str = NULL; int ret; const char * const noattrs[] = { NULL }; @@ -1658,10 +1663,15 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) /* Fetch information from the existing object */ ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs, - DSDB_FLAG_NEXT_MODULE, ac->req); + search_flags, ac->req); if (ret != LDB_SUCCESS) { return ret; } + user_dn = res->msgs[0]->dn; + user_dn_ext_str = ldb_dn_get_extended_linearized(ac, user_dn, 1); + if (user_dn_ext_str == NULL) { + return ldb_operr(ldb); + } uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0); @@ -1725,7 +1735,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) ret = dsdb_module_search(ac->module, ac, &group_res, ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE, - noattrs, DSDB_FLAG_NEXT_MODULE, + noattrs, search_flags, ac->req, "(objectSid=%s)", ldap_encode_ndr_dom_sid(ac, prev_sid)); @@ -1745,7 +1755,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) ret = dsdb_module_search(ac->module, ac, &group_res, ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE, - noattrs, DSDB_FLAG_NEXT_MODULE, + noattrs, search_flags, ac->req, "(objectSid=%s)", ldap_encode_ndr_dom_sid(ac, new_sid)); @@ -1758,11 +1768,16 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) return LDB_ERR_UNWILLING_TO_PERFORM; } new_prim_group_dn = group_res->msgs[0]->dn; + new_prim_group_dn_ext_str = ldb_dn_get_extended_linearized(ac, + new_prim_group_dn, 1); + if (new_prim_group_dn_ext_str == NULL) { + return ldb_operr(ldb); + } /* We need to be already a normal member of the new primary * group in order to be successful. */ el = samdb_find_attribute(ldb, res->msgs[0], "memberOf", - ldb_dn_get_linearized(new_prim_group_dn)); + new_prim_group_dn_ext_str); if (el == NULL) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -1774,8 +1789,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) } msg->dn = new_prim_group_dn; - ret = samdb_msg_add_delval(ldb, msg, msg, "member", - ldb_dn_get_linearized(ac->msg->dn)); + ret = samdb_msg_add_delval(ldb, msg, msg, "member", user_dn_ext_str); if (ret != LDB_SUCCESS) { return ret; } @@ -1793,8 +1807,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac) } msg->dn = prev_prim_group_dn; - ret = samdb_msg_add_addval(ldb, msg, msg, "member", - ldb_dn_get_linearized(ac->msg->dn)); + ret = samdb_msg_add_addval(ldb, msg, msg, "member", user_dn_ext_str); if (ret != LDB_SUCCESS) { return ret; } |