[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1424-g1d9a95e
Matthias Dieter Wallnöfer
mdw at samba.org
Mon Sep 7 00:44:50 MDT 2009
The branch, master has been updated
via 1d9a95e31028d18c66be8db3ab728aebce54aaf9 (commit)
via 90d6829f8a6dcb9d4851ad587d75680de6815041 (commit)
via 5107f6fd0acc7d8e5a69bd838f44f74f0a094290 (commit)
via fc90586a4255db717e344eaf7d7f7b2d7b89b571 (commit)
via a3d7534c86e710bb9ce51f16527772925c816c63 (commit)
via 88f546dfd9ac579f829556e2d2cce0e20e8aed4e (commit)
via ad244f72525d3cad5238d65dee16a4562cae533d (commit)
via 5f2832a5dc02e6d240c398e3fada4c92ae99d4ea (commit)
via 353481daa2497f52c8eec6d760981f17a5f528ca (commit)
via 931aa4e8bd83e515b992d3df726c5804d941de64 (commit)
from 43c766a14a5eeed80e57bae9fde21eb2b542c209 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1d9a95e31028d18c66be8db3ab728aebce54aaf9
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 6 20:23:02 2009 +0200
s4:samldb - Fix typo
commit 90d6829f8a6dcb9d4851ad587d75680de6815041
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 6 19:57:50 2009 +0200
s4:Foreign security principals - Fix them up
I fixed them up to match with Windows Server 2003. I don't think that the
creation of them in the provision script is needed so I put them in the
"provision_users.ldif" file.
commit 5107f6fd0acc7d8e5a69bd838f44f74f0a094290
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 6 17:27:51 2009 +0200
s4:subtree delete module - Cosmetic adaptions
commit fc90586a4255db717e344eaf7d7f7b2d7b89b571
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Wed Aug 26 01:49:00 2009 +0200
s4:ldap.py - Adds a test for the primary group behaviour
This passes the Windows Server behaviour. Also SAMBA 4 should match it.
Also some small enhancement.
commit a3d7534c86e710bb9ce51f16527772925c816c63
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Thu Aug 20 21:13:13 2009 +0200
s4:provision - Change the module order to match Windows Server
Tests show that Windows Server seems to do the access checks on the very last moment.
commit 88f546dfd9ac579f829556e2d2cce0e20e8aed4e
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Mon Aug 17 23:39:41 2009 +0200
s4:sam - Implement also here the right primary group behaviour
We have not only to expand the additional groups but *also* the primary group to
gain all rights of a user account.
Also, remove an unneeded context (tmp_ctx) and "talloc_steal".
commit ad244f72525d3cad5238d65dee16a4562cae533d
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Mon Aug 17 22:34:08 2009 +0200
s4:samr - Fix up the SAMR server to support the primary group of a user in the right way
When doing some tests with the NT User Manager for Domains on s4 I noticed that the
handling of the primary group for a user wasn't correct. So I fixed this.
Also some cosmetic changes (tab indent corrections).
commit 5f2832a5dc02e6d240c398e3fada4c92ae99d4ea
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Mon Aug 17 21:29:47 2009 +0200
s4:samldb - Major rework
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
commit 353481daa2497f52c8eec6d760981f17a5f528ca
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 6 21:08:08 2009 +0200
s4:provision - Add a new delete function only for users and computers
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
commit 931aa4e8bd83e515b992d3df726c5804d941de64
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Wed Aug 26 03:51:45 2009 +0200
s4:provision - Change the "provision_users.ldif" file to support the "samldb" changes
The "provision_users.ldif" file needs some rework to pass against the changed
and improved "samldb" module (see next commit).
-----------------------------------------------------------------------
Summary of changes:
source4/auth/sam.c | 117 ++-
source4/dsdb/samdb/ldb_modules/samldb.c | 1245 ++++++++++++++++++-----
source4/dsdb/samdb/ldb_modules/subtree_delete.c | 27 +-
source4/lib/ldb/tests/python/ldap.py | 144 +++-
source4/rpc_server/samr/dcesrv_samr.c | 317 ++++---
source4/scripting/python/samba/__init__.py | 25 +
source4/scripting/python/samba/provision.py | 53 +-
source4/setup/provision.ldif | 2 +
source4/setup/provision_templates.ldif | 43 -
source4/setup/provision_templates_init.ldif | 10 -
source4/setup/provision_users.ldif | 90 ++-
11 files changed, 1501 insertions(+), 572 deletions(-)
delete mode 100644 source4/setup/provision_templates.ldif
delete mode 100644 source4/setup/provision_templates_init.ldif
Changeset truncated at 500 lines:
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 562117b..a9bae6d 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -373,105 +373,130 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
const char *domain_name,
struct ldb_dn *domain_dn,
struct ldb_message *msg,
- DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
- struct auth_serversupplied_info **_server_info)
+ DATA_BLOB user_sess_key,
+ DATA_BLOB lm_sess_key,
+ struct auth_serversupplied_info
+ **_server_info)
{
NTSTATUS status;
struct auth_serversupplied_info *server_info;
- int group_ret = 0;
- /* find list of sids */
- struct dom_sid **groupSIDs = NULL;
+ const char *str;
+ struct dom_sid *tmp_sid;
+ /* SIDs for the account and his primary group */
struct dom_sid *account_sid;
struct dom_sid *primary_group_sid;
- const char *str;
- uint_t rid;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ /* SID structures for the expanded group memberships */
+ struct dom_sid **groupSIDs = NULL, **groupSIDs_2 = NULL;
+ int num_groupSIDs = 0, num_groupSIDs_2 = 0, i;
- server_info = talloc(tmp_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info, tmp_ctx);
+ server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+ NT_STATUS_HAVE_NO_MEMORY(server_info);
account_sid = samdb_result_dom_sid(server_info, msg, "objectSid");
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid, server_info);
- status = authsam_expand_nested_groups(sam_ctx, account_sid, true,
- server_info, &groupSIDs, &group_ret);
+ primary_group_sid = dom_sid_add_rid(server_info,
+ samdb_domain_sid(sam_ctx),
+ samdb_result_uint(msg, "primaryGroupID", ~0));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_sid, server_info);
+
+ /* Expands the primary group */
+ status = authsam_expand_nested_groups(sam_ctx, primary_group_sid, false,
+ server_info, &groupSIDs, &num_groupSIDs);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
+ talloc_free(server_info);
return status;
}
- primary_group_sid = dom_sid_dup(server_info, account_sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_sid, tmp_ctx);
+ /* Expands the additional groups */
+ status = authsam_expand_nested_groups(sam_ctx, account_sid, true,
+ server_info, &groupSIDs_2, &num_groupSIDs_2);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(server_info);
+ return status;
+ }
- rid = samdb_result_uint(msg, "primaryGroupID", ~0);
- if (rid == ~0) {
- if (group_ret > 0) {
- primary_group_sid = groupSIDs[0];
- } else {
- primary_group_sid = NULL;
+ /* Merge the two expanded structures (groupSIDs, groupSIDs_2) */
+ for (i = 0; i < num_groupSIDs_2; i++)
+ if (!sids_contains_sid((const struct dom_sid **) groupSIDs,
+ num_groupSIDs, groupSIDs_2[i])) {
+ tmp_sid = dom_sid_dup(server_info, groupSIDs_2[i]);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(tmp_sid, server_info);
+ groupSIDs = talloc_realloc(server_info, groupSIDs,
+ struct dom_sid *, num_groupSIDs + 1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs,
+ server_info);
+ groupSIDs[num_groupSIDs] = tmp_sid;
+ ++num_groupSIDs;
}
- } else {
- primary_group_sid->sub_auths[primary_group_sid->num_auths-1] = rid;
- }
+ talloc_free(groupSIDs_2);
server_info->account_sid = account_sid;
server_info->primary_group_sid = primary_group_sid;
- server_info->n_domain_groups = group_ret;
server_info->domain_groups = groupSIDs;
+ server_info->n_domain_groups = num_groupSIDs;
- server_info->account_name = talloc_steal(server_info, samdb_result_string(msg, "sAMAccountName", NULL));
+ server_info->account_name = talloc_steal(server_info,
+ samdb_result_string(msg, "sAMAccountName", NULL));
server_info->domain_name = talloc_strdup(server_info, domain_name);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_name, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_name,
+ server_info);
str = samdb_result_string(msg, "displayName", "");
server_info->full_name = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->full_name, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->full_name, server_info);
str = samdb_result_string(msg, "scriptPath", "");
server_info->logon_script = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_script, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_script,
+ server_info);
str = samdb_result_string(msg, "profilePath", "");
server_info->profile_path = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->profile_path, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->profile_path,
+ server_info);
str = samdb_result_string(msg, "homeDirectory", "");
server_info->home_directory = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_directory, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_directory,
+ server_info);
str = samdb_result_string(msg, "homeDrive", "");
server_info->home_drive = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_drive, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_drive, server_info);
server_info->logon_server = talloc_strdup(server_info, netbios_name);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_server, tmp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_server,
+ server_info);
server_info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
server_info->last_logoff = samdb_result_last_logoff(msg);
server_info->acct_expiry = samdb_result_account_expires(msg);
- server_info->last_password_change = samdb_result_nttime(msg, "pwdLastSet", 0);
-
+ server_info->last_password_change = samdb_result_nttime(msg,
+ "pwdLastSet", 0);
server_info->allow_password_change
= samdb_result_allow_password_change(sam_ctx, mem_ctx,
- domain_dn, msg, "pwdLastSet");
+ domain_dn, msg, "pwdLastSet");
server_info->force_password_change
- = samdb_result_force_password_change(sam_ctx, mem_ctx,
- domain_dn, msg);
-
+ = samdb_result_force_password_change(sam_ctx, mem_ctx,
+ domain_dn, msg);
server_info->logon_count = samdb_result_uint(msg, "logonCount", 0);
- server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount", 0);
+ server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount",
+ 0);
server_info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
msg, domain_dn);
- server_info->user_session_key = user_sess_key;
- server_info->lm_session_key = lm_sess_key;
+ server_info->user_session_key = data_blob_talloc_reference(server_info,
+ &user_sess_key);
+ server_info->lm_session_key = data_blob_talloc_reference(server_info,
+ &lm_sess_key);
server_info->authenticated = true;
- *_server_info = talloc_steal(mem_ctx, server_info);
+ *_server_info = server_info;
return NT_STATUS_OK;
}
@@ -499,8 +524,8 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
}
/* pull the user attributes */
- ret = gendb_search_single_extended_dn(sam_ctx, tmp_ctx, user_dn, LDB_SCOPE_BASE,
- msg, attrs, "(objectClass=*)");
+ ret = gendb_search_single_extended_dn(sam_ctx, tmp_ctx, user_dn,
+ LDB_SCOPE_BASE, msg, attrs, "(objectClass=*)");
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index e022984..886b0ac 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -3,6 +3,7 @@
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005
Copyright (C) Simo Sorce 2004-2008
+ Copyright (C) Matthias Dieter Wallnöfer 2009
* NOTICE: this module is NOT released under the GNU LGPL license as
* other ldb code. This module is release under the GNU GPL v3 or
@@ -54,24 +55,48 @@ struct samldb_ctx {
struct ldb_module *module;
struct ldb_request *req;
+ /* used for add operations */
+ const char *type;
+
/* the resulting message */
struct ldb_message *msg;
- /* used to apply templates */
- const char *type;
-
/* used to find parent domain */
struct ldb_dn *check_dn;
struct ldb_dn *domain_dn;
struct dom_sid *domain_sid;
uint32_t next_rid;
- /* generic storage, remember to zero it before use */
- struct ldb_reply *ares;
-
/* holds the entry SID */
struct dom_sid *sid;
+ /* holds a generic dn */
+ struct ldb_dn *dn;
+
+ /* used in conjunction with "sid" in "samldb_dn_from_sid" */
+ struct ldb_dn *res_dn;
+
+ /* used in conjunction with "dn" in "samldb_sid_from_dn" */
+ struct dom_sid *res_sid;
+
+ /* used in "samldb_user_dn_to_prim_group_rid" */
+ uint32_t prim_group_rid;
+
+ /* used in conjunction with "prim_group_rid" in
+ * "samldb_prim_group_rid_to_users_cnt" */
+ unsigned int users_cnt;
+
+ /* used in "samldb_group_add_member" and "samldb_group_del_member" */
+ struct ldb_dn *group_dn;
+ struct ldb_dn *member_dn;
+
+ /* used in "samldb_primary_group_change" */
+ struct ldb_dn *user_dn;
+ struct ldb_dn *old_prim_group_dn, *new_prim_group_dn;
+
+ /* generic counter - used in "samldb_member_check" */
+ unsigned int cnt;
+
/* all the async steps necessary to complete the operation */
struct samldb_step *steps;
struct samldb_step *curstep;
@@ -99,23 +124,26 @@ static struct samldb_ctx *samldb_ctx_init(struct ldb_module *module,
static int samldb_add_step(struct samldb_ctx *ac, samldb_step_fn_t fn)
{
- struct samldb_step *step;
+ struct samldb_step *step, *stepper;
step = talloc_zero(ac, struct samldb_step);
if (step == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
+ step->fn = fn;
+
if (ac->steps == NULL) {
ac->steps = step;
ac->curstep = step;
} else {
- ac->curstep->next = step;
- ac->curstep = step;
+ if (ac->curstep == NULL)
+ return LDB_ERR_OPERATIONS_ERROR;
+ for (stepper = ac->curstep; stepper->next != NULL;
+ stepper = stepper->next);
+ stepper->next = step;
}
- step->fn = fn;
-
return LDB_SUCCESS;
}
@@ -141,179 +169,9 @@ static int samldb_next_step(struct samldb_ctx *ac)
return LDB_ERR_OPERATIONS_ERROR;
}
-static int samldb_search_template_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct samldb_ctx *ac;
- int ret;
-
- ac = talloc_get_type(req->context, struct samldb_ctx);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- /* save entry */
- if (ac->ares != NULL) {
- /* one too many! */
- ldb_set_errstring(ldb,
- "Invalid number of results while searching "
- "for template objects");
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
-
- ac->ares = talloc_steal(ac, ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_REFERRAL:
- /* ignore */
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_DONE:
-
- talloc_free(ares);
- ret = samldb_next_step(ac);
- break;
- }
-
-done:
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
- return LDB_SUCCESS;
-}
-
-static int samldb_search_template(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- struct tevent_context *ev;
- struct loadparm_context *lparm_ctx;
- struct ldb_context *templates_ldb;
- char *templates_ldb_path;
- struct ldb_request *req;
- struct ldb_dn *basedn;
- void *opaque;
- int ret;
-
- ldb = ldb_module_get_ctx(ac->module);
-
- opaque = ldb_get_opaque(ldb, "loadparm");
- lparm_ctx = talloc_get_type(opaque, struct loadparm_context);
- if (lparm_ctx == NULL) {
- ldb_set_errstring(ldb,
- "Unable to find loadparm context\n");
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- opaque = ldb_get_opaque(ldb, "templates_ldb");
- templates_ldb = talloc_get_type(opaque, struct ldb_context);
-
- /* make sure we have the templates ldb */
- if (!templates_ldb) {
- templates_ldb_path = samdb_relative_path(ldb, ac,
- "templates.ldb");
- if (!templates_ldb_path) {
- ldb_set_errstring(ldb,
- "samldb_init_template: ERROR: Failed "
- "to contruct path for template db");
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ev = ldb_get_event_context(ldb);
-
- templates_ldb = ldb_wrap_connect(ldb, ev,
- lparm_ctx, templates_ldb_path,
- NULL, NULL, 0, NULL);
- talloc_free(templates_ldb_path);
-
- if (!templates_ldb) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ret = ldb_set_opaque(ldb,
- "templates_ldb", templates_ldb);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- }
-
- /* search template */
- basedn = ldb_dn_new_fmt(ac, templates_ldb,
- "cn=Template%s,cn=Templates", ac->type);
- if (basedn == NULL) {
- ldb_set_errstring(ldb,
- "samldb_init_template: ERROR: Failed "
- "to contruct DN for template");
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- /* pull the template record */
- ret = ldb_build_search_req(&req, templates_ldb, ac,
- basedn, LDB_SCOPE_BASE,
- "(distinguishedName=*)", NULL,
- NULL,
- ac, samldb_search_template_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- talloc_steal(req, basedn);
- ac->ares = NULL;
-
- return ldb_request(templates_ldb, req);
-}
-
-static int samldb_apply_template(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- struct ldb_message_element *el;
- struct ldb_message *msg;
- int i, j;
- int ret;
-
- ldb = ldb_module_get_ctx(ac->module);
- msg = ac->ares->message;
-
- for (i = 0; i < msg->num_elements; i++) {
- el = &msg->elements[i];
- /* some elements should not be copied */
- if (ldb_attr_cmp(el->name, "cn") == 0 ||
- ldb_attr_cmp(el->name, "name") == 0 ||
- ldb_attr_cmp(el->name, "objectClass") == 0 ||
- ldb_attr_cmp(el->name, "sAMAccountName") == 0 ||
- ldb_attr_cmp(el->name, "distinguishedName") == 0 ||
- ldb_attr_cmp(el->name, "objectGUID") == 0) {
- continue;
- }
- for (j = 0; j < el->num_values; j++) {
- ret = samdb_find_or_add_attribute(
- ldb, ac->msg, el->name,
- (char *)el->values[j].data);
- if (ret != LDB_SUCCESS) {
- ldb_set_errstring(ldb,
- "Failed adding template attribute\n");
- return LDB_ERR_OPERATIONS_ERROR;
- }
- }
- }
-
- return samldb_next_step(ac);
-}
+/*
+ * samldb_get_parent_domain (async)
+ */
static int samldb_get_parent_domain(struct samldb_ctx *ac);
@@ -340,11 +198,11 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
switch (ares->type) {
case LDB_REPLY_ENTRY:
/* save entry */
- if (ac->domain_dn != NULL) {
+ if ((ac->domain_dn != NULL) || (ac->domain_sid != NULL)) {
/* one too many! */
ldb_set_errstring(ldb,
"Invalid number of results while searching "
- "for domain object");
+ "for domain object!");
ret = LDB_ERR_OPERATIONS_ERROR;
break;
}
@@ -353,9 +211,10 @@ static int samldb_get_parent_domain_callback(struct ldb_request *req,
"nextRid", NULL);
if (nextRid == NULL) {
ldb_asprintf_errstring(ldb,
- "while looking for domain above %s attribute nextRid not found in %s\n",
- ldb_dn_get_linearized(ac->req->op.add.message->dn),
- ldb_dn_get_linearized(ares->message->dn));
+ "While looking for domain above %s attribute nextRid not found in %s!\n",
+ ldb_dn_get_linearized(
+ ac->req->op.add.message->dn),
+ ldb_dn_get_linearized(ares->message->dn));
ret = LDB_ERR_OPERATIONS_ERROR;
break;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list