s4-dsdb: common helper to determine "primaryGroupID" attribute value
authorKamen Mazdrashki <kamenim@samba.org>
Sun, 18 Jan 2015 21:58:13 +0000 (23:58 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 3 Feb 2015 04:02:12 +0000 (05:02 +0100)
At the moment the implementation does not check whether the group RID
is an existing group RID - this responsibility is left to the caller.

Change-Id: I8c58dd23a7185d63fa2117be0617884eb78d13c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
source4/dsdb/common/util.c
source4/dsdb/samdb/ldb_modules/samldb.c
source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c

index 821ea56d6829868648ba4c42a21b109090874809..ac90cbc83be3f54ec36faa7204abbdeb3ee99ed2 100644 (file)
@@ -4922,3 +4922,35 @@ int dsdb_user_obj_set_account_type(struct ldb_context *ldb, struct ldb_message *
 
        return LDB_SUCCESS;
 }
+
+/**
+ * Determine and set primaryGroupID based on userAccountControl value
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param group_rid_p Optional pointer to group RID to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_primary_group_id(struct ldb_context *ldb, struct ldb_message *usr_obj,
+                                      uint32_t user_account_control, uint32_t *group_rid_p)
+{
+       int ret;
+       uint32_t rid;
+       struct ldb_message_element *el;
+
+       rid = ds_uf2prim_group_rid(user_account_control);
+
+       ret = samdb_msg_add_uint(ldb, usr_obj, usr_obj,
+                                "primaryGroupID", rid);
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+       el = ldb_msg_find_element(usr_obj, "primaryGroupID");
+       el->flags = LDB_FLAG_MOD_REPLACE;
+
+       if (group_rid_p) {
+               *group_rid_p = rid;
+       }
+
+       return LDB_SUCCESS;
+}
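Review bot: `el` from `ldb_msg_find_element(usr_obj, "primaryGroupID")` is dereferenced on the next line without a NULL test; after a successful samdb_msg_add_uint the element should be there, but this helper is now the one place every user-object path depends on, so a defensive `if (el == NULL) { return ldb_operr(ldb); }` before `el->flags = LDB_FLAG_MOD_REPLACE;` is cheap. The doc comment should also state the contract the commit message gives, e.g. `* @note The group RID is not checked for existence; the caller is responsible for that.`, because primaryGroupID decides group membership and a caller that skips the check silently gets an unverified RID. If samdb_msg_add_uint appends to an existing element rather than replacing it, the comment should additionally say that usr_obj is expected not to carry primaryGroupID yet - worth confirming against ldb_msg_add_value before writing it. The function is complete within the hunk.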
index 8f6172146427a9a3528c9733242709e61f6858fe..664ace08f25cb939716d17aa748bd8a2b2d8fb3c 100644 (file)
@@ -1091,8 +1091,12 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
 
                        /* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */
                        if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
-                               uint32_t rid = ds_uf2prim_group_rid(user_account_control);
+                               uint32_t rid;
 
+                               ret = dsdb_user_obj_set_primary_group_id(ldb, ac->msg, user_account_control, &rid);
+                               if (ret != LDB_SUCCESS) {
+                                       return ret;
+                               }
                                /*
                                 * Older AD deployments don't know about the
                                 * RODC group
@@ -1103,15 +1107,6 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
                                                return ret;
                                        }
                                }
-
-                               ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
-                                                        "primaryGroupID", rid);
-                               if (ret != LDB_SUCCESS) {
-                                       return ret;
-                               }
-                               el2 = ldb_msg_find_element(ac->msg,
-                                                          "primaryGroupID");
-                               el2->flags = LDB_FLAG_MOD_REPLACE;
                        }
 
                        /* Step 1.5: Add additional flags when needed */
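Review bot: With the `el2 = ldb_msg_find_element(ac->msg, "primaryGroupID");` assignment removed in the second hunk, `el2` may no longer be referenced in samldb_objectclass_trigger; its declaration is outside the hunk, so if nothing else uses it the declaration should be dropped too to keep the build warning-free. The RODC comment and `DOMAIN_RID_READONLY_DCS` check that stay between the two hunks are now repeated verbatim in tombstone_reanimate.c; since the helper already returns the RID, a short comment such as `/* RID existence is the caller's job, see dsdb_user_obj_set_primary_group_id() */` would make clear why the check lives here and not in the helper. samldb_objectclass_trigger starts and ends outside the hunk.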
index bbcad631cbbe213ebddd97cfead0f97fd3d570cf..fa24ca45f376891e3437e628e527ac5136905fe2 100644 (file)
@@ -235,6 +235,7 @@ static int _tr_restore_attributes(struct ldb_context *ldb, struct ldb_message *c
 
        /* objectClass is USER */
        if (samdb_find_attribute(ldb, cur_msg, "objectclass", "user") != NULL) {
+               uint32_t primary_group_rid;
                /* restoring 'user' instance attribute is heavily borrowed from samldb.c */
 
                /* Default values */
@@ -263,17 +264,18 @@ static int _tr_restore_attributes(struct ldb_context *ldb, struct ldb_message *c
                }
 
                /* "userAccountControl" -> "primaryGroupID" mapping */
-               if (!ldb_msg_find_element(new_msg, "primaryGroupID")) {
-                       uint32_t rid = ds_uf2prim_group_rid(user_account_control);
-
-                       ret = samdb_msg_add_uint(ldb, new_msg, new_msg,
-                                                "primaryGroupID", rid);
-                       if (ret != LDB_SUCCESS) {
-                               return ret;
-                       }
-                       el = ldb_msg_find_element(new_msg, "primaryGroupID");
-                       el->flags = LDB_FLAG_MOD_REPLACE;
+               ret = dsdb_user_obj_set_primary_group_id(ldb, new_msg, user_account_control, &primary_group_rid);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
                }
+               /*
+                * Older AD deployments don't know about the
+                * RODC group
+                */
+               if (primary_group_rid == DOMAIN_RID_READONLY_DCS) {
+                       /* TODO:  check group exists */
+               }
+
        }
 
        /* objectClass is GROUP */
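Review bot: Dropping the `if (!ldb_msg_find_element(new_msg, "primaryGroupID"))` guard means dsdb_user_obj_set_primary_group_id now runs even when new_msg already carries that attribute, which the equivalent Step 1.4 in samldb.c still guards against; if samdb_msg_add_uint appends to an existing element rather than replacing it, the reanimated object would carry two values on a single-valued attribute under LDB_FLAG_MOD_REPLACE. Unless a message on this path can never already hold primaryGroupID, restore the guard with `if (!ldb_msg_find_element(new_msg, "primaryGroupID")) {` before the helper call and its closing brace after the RODC block. The `if (primary_group_rid == DOMAIN_RID_READONLY_DCS) { /* TODO:  check group exists */ }` block has an empty body, so the existence check samldb.c performs is silently skipped for reanimated RODC accounts; the TODO should at least name that gap so it is not mistaken for handled. The `el` variable used by the removed lines may now be unused (its declaration is outside the hunk), and _tr_restore_attributes continues outside the hunk.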