authorStefan Metzmacher <metze@samba.org>2018-08-24 15:33:49 +0200
committerKarolin Seeger <kseeger@samba.org>2018-11-05 09:33:29 +0100
commit98db8eb90c25a3f8d748cbb55ff3732fe5eb68b9 (patch)
treedeeb07a6d6d246d7230094c237a64024eff8d895 /source4/dsdb
parent47745ae56288b836c73516dedb33edc5e324b8dc (diff)
downloadsamba-98db8eb90c25a3f8d748cbb55ff3732fe5eb68b9.tar.gz
s4:samldb: internally use extended dns while changing the primaryGroupID field
This is important, otherwise we'll lose the <SID=> component of the linked attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7a36cb30b716d56b84e894851c1a18e9eb3a0964)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c29
1 files changed, 21 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 81d8c96437c..49c63cf1272 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1642,9 +1642,14 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
struct ldb_result *res, *group_res;
struct ldb_message_element *el;
struct ldb_message *msg;
+ uint32_t search_flags =
+ DSDB_FLAG_NEXT_MODULE | DSDB_SEARCH_SHOW_EXTENDED_DN;
uint32_t prev_rid, new_rid, uac;
struct dom_sid *prev_sid, *new_sid;
struct ldb_dn *prev_prim_group_dn, *new_prim_group_dn;
+ const char *new_prim_group_dn_ext_str = NULL;
+ struct ldb_dn *user_dn = NULL;
+ const char *user_dn_ext_str = NULL;
int ret;
const char * const noattrs[] = { NULL };
@@ -1658,10 +1663,15 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
/* Fetch information from the existing object */
ret = dsdb_module_search_dn(ac->module, ac, &res, ac->msg->dn, attrs,
- DSDB_FLAG_NEXT_MODULE, ac->req);
+ search_flags, ac->req);
if (ret != LDB_SUCCESS) {
return ret;
}
+ user_dn = res->msgs[0]->dn;
+ user_dn_ext_str = ldb_dn_get_extended_linearized(ac, user_dn, 1);
+ if (user_dn_ext_str == NULL) {
+ return ldb_operr(ldb);
+ }
uac = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
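Review bot: The literal `1` passed as the mode argument of `ldb_dn_get_extended_linearized()` is unexplained here and again in the hunk at `-1758,11 +1768,16`, and nothing in the code says why `user_dn` is taken from `res->msgs[0]->dn` instead of `ac->msg->dn`. Going by the commit message, the search result is used because only it carries the `<SID=>` component that the linked `member` values need, and that reasoning should live next to the code. I would add above the assignment: `/* Use the DN from the search result, not ac->msg->dn: only it carries the <GUID=>/<SID=> components. Mode 1 selects the clear-text extended form. */`. The body of samldb_prim_group_change starts and ends outside this hunk.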
@@ -1725,7 +1735,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
ret = dsdb_module_search(ac->module, ac, &group_res,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
- noattrs, DSDB_FLAG_NEXT_MODULE,
+ noattrs, search_flags,
ac->req,
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(ac, prev_sid));
@@ -1745,7 +1755,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
ret = dsdb_module_search(ac->module, ac, &group_res,
ldb_get_default_basedn(ldb),
LDB_SCOPE_SUBTREE,
- noattrs, DSDB_FLAG_NEXT_MODULE,
+ noattrs, search_flags,
ac->req,
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(ac, new_sid));
@@ -1758,11 +1768,16 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
new_prim_group_dn = group_res->msgs[0]->dn;
+ new_prim_group_dn_ext_str = ldb_dn_get_extended_linearized(ac,
+ new_prim_group_dn, 1);
+ if (new_prim_group_dn_ext_str == NULL) {
+ return ldb_operr(ldb);
+ }
/* We need to be already a normal member of the new primary
* group in order to be successful. */
el = samdb_find_attribute(ldb, res->msgs[0], "memberOf",
- ldb_dn_get_linearized(new_prim_group_dn));
+ new_prim_group_dn_ext_str);
if (el == NULL) {
return LDB_ERR_UNWILLING_TO_PERFORM;
}
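Review bot: The "already a normal member" precondition on `memberOf` now relies on two separately produced extended-DN strings being identical, and that coupling is not documented. `new_prim_group_dn_ext_str` is built from the group search result, while the `memberOf` values come from the earlier user search, so both have to carry the same `<GUID=>`/`<SID=>` components in the same format for `samdb_find_attribute()` to match. Its body is not in this hunk, so it should be confirmed whether it compares raw bytes or parsed DNs. A mismatch returns `LDB_ERR_UNWILLING_TO_PERFORM`, so the check fails closed and the risk is a rejected legitimate change, not a bypassed membership check. A comment such as `/* memberOf is returned in extended form because of DSDB_SEARCH_SHOW_EXTENDED_DN in search_flags; compare against the same form */` would keep a later edit of `search_flags` from silently breaking this test. The enclosing function continues outside the hunk.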
@@ -1774,8 +1789,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
}
msg->dn = new_prim_group_dn;
- ret = samdb_msg_add_delval(ldb, msg, msg, "member",
- ldb_dn_get_linearized(ac->msg->dn));
+ ret = samdb_msg_add_delval(ldb, msg, msg, "member", user_dn_ext_str);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -1793,8 +1807,7 @@ static int samldb_prim_group_change(struct samldb_ctx *ac)
}
msg->dn = prev_prim_group_dn;
- ret = samdb_msg_add_addval(ldb, msg, msg, "member",
- ldb_dn_get_linearized(ac->msg->dn));
+ ret = samdb_msg_add_addval(ldb, msg, msg, "member", user_dn_ext_str);
if (ret != LDB_SUCCESS) {
return ret;
}