From f8c0ad65ad783b3c82ec8ab120d18ad454fe2665 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 Nov 2012 12:49:16 +0100 Subject: [PATCH] s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621) Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam --- source4/dsdb/samdb/ldb_modules/descriptor.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 9ffb6eb27f0..36a64d06e6f 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -860,11 +860,13 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(ac->module, down_req); } -/* TODO */ + static int descriptor_rename(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); struct ldb_dn *olddn = req->op.rename.olddn; + struct ldb_dn *newdn = req->op.rename.newdn; + int ret; /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.rename.olddn)) { @@ -874,6 +876,21 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req) ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_rename: %s\n", ldb_dn_get_linearized(olddn)); + if (ldb_dn_compare(olddn, newdn) != 0) { + struct ldb_dn *nc_root; + + ret = dsdb_find_nc_root(ldb, req, newdn, &nc_root); + if (ret != LDB_SUCCESS) { + return ldb_oom(ldb); + } + + ret = dsdb_module_schedule_sd_propagation(module, nc_root, + newdn, true); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); + } + } + return ldb_next_request(module, req); } -- 2.34.1