The branch, master has been updated
via d7ca757 s4:objectclass LDB module - implement the
"isCriticalSystemObject" subtree delete protection
via 88e5375 s4:ldif_handlers.c - fix a typo
via c291858 s4:dsdb - fix unsigned integer save problems using the "%u"
specifier
via a72ffb0 s4:dsdb/common/util.c - describe the behaviour of the
functions "samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint"
a bit more
from 83871d2 Don't arbitrarily clean all parametric options in
add_a_service(), that is called from many places, not just smb.conf processing.
Only clean parametric options when doing actual smb.conf reading (or registry
equivalent).
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d7ca757b315181c678d4f874294f72b1114f3dad
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Oct 16 12:28:25 2010 +0200
s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree
delete protection
MS-ADTS 3.1.1.5.5.7.2
Autobuild-User: Matthias Dieter Wallnöfer <[email protected]>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
commit 88e5375ad3d0386371b19d0d3b851d7974afdcdb
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Oct 16 11:32:38 2010 +0200
s4:ldif_handlers.c - fix a typo
commit c2918581996b58c3e2a2416e6dd693978becd3a2
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Oct 14 17:01:39 2010 +0200
s4:dsdb - fix unsigned integer save problems using the "%u" specifier
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host
"tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or
better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
commit a72ffb0d0157dce2ac45e3b228f168a56c89f26e
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Oct 16 10:36:32 2010 +0200
s4:dsdb/common/util.c - describe the behaviour of the functions
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more
Unsigned int data in AD is a bit problematic to handle. Problem described by
abartlet.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 37 +++++++++++++++++++++---
source4/dsdb/samdb/ldb_modules/acl.c | 4 +-
source4/dsdb/samdb/ldb_modules/instancetype.c | 2 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 17 +++++++++++-
source4/dsdb/samdb/ldb_modules/operational.c | 10 ++++++-
source4/dsdb/samdb/ldb_modules/rootdse.c | 17 ++++++-----
source4/dsdb/samdb/ldb_modules/samldb.c | 15 +++++++---
source4/dsdb/tests/python/deletetest.py | 13 +++++++-
source4/lib/ldb-samba/ldif_handlers.c | 2 +-
source4/libnet/libnet_become_dc.c | 5 ++-
source4/libnet/libnet_unbecome_dc.c | 5 ++-
source4/rpc_server/lsa/dcesrv_lsa.c | 24 ++++++++--------
12 files changed, 109 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 1d28771..9e6ccbc 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -933,8 +933,17 @@ int samdb_msg_add_int(struct ldb_context *sam_ldb,
TALLOC_CTX *mem_ctx, struct l
}
/*
- add a unsigned int element to a message
-*/
+ * Add an unsigned int element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
const char *attr_name, unsigned int v)
{
@@ -955,8 +964,17 @@ int samdb_msg_add_int64(struct ldb_context *sam_ldb,
TALLOC_CTX *mem_ctx, struct
}
/*
- add a uint64_t element to a message
-*/
+ * Add an unsigned int64_t (uint64_t) element to a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
+ */
int samdb_msg_add_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
const char *attr_name, uint64_t v)
{
@@ -1078,7 +1096,16 @@ int samdb_msg_set_int(struct ldb_context *sam_ldb,
TALLOC_CTX *mem_ctx,
}
/*
- * sets an unsigned integer in a message
+ * Sets an unsigned int element in a message
+ *
+ * The issue here is that we have not yet first cast to int32_t explicitly,
+ * before we cast to an signed int to printf() into the %d or cast to a
+ * int64_t before we then cast to a long long to printf into a %lld.
+ *
+ * There are *no* unsigned integers in Active Directory LDAP, even the RID
+ * allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
+ * (See the schema, and the syntax definitions in schema_syntax.c).
+ *
*/
int samdb_msg_set_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
struct ldb_message *msg, const char *attr_name,
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c
b/source4/dsdb/samdb/ldb_modules/acl.c
index 660b4df..3e302ef 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -425,8 +425,8 @@ static int acl_sDRightsEffective(struct ldb_module *module,
flags |= SECINFO_SACL;
}
}
- ldb_msg_add_fmt(msg, "sDRightsEffective", "%u", flags);
- return LDB_SUCCESS;
+ return samdb_msg_add_uint(ldb_module_get_ctx(module), msg, msg,
+ "sDRightsEffective", flags);
}
static int acl_add(struct ldb_module *module, struct ldb_request *req)
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c
b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 5032462..a728502 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -162,7 +162,7 @@ static int instancetype_add(struct ldb_module *module,
struct ldb_request *req)
*/
instanceType = INSTANCE_TYPE_WRITE;
- ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instanceType);
+ ret = samdb_msg_add_uint(ldb, msg, msg, "instanceType", instanceType);
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 86708eb..02c3e46 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -1348,7 +1348,8 @@ static int objectclass_do_delete(struct oc_context *ac);
static int objectclass_delete(struct ldb_module *module, struct ldb_request
*req)
{
static const char * const attrs[] = { "nCName", "objectClass",
- "systemFlags", NULL };
+ "systemFlags",
+ "isCriticalSystemObject", NULL };
struct ldb_context *ldb;
struct ldb_request *search_req;
struct oc_context *ac;
@@ -1397,6 +1398,7 @@ static int objectclass_do_delete(struct oc_context *ac)
struct ldb_context *ldb;
struct ldb_dn *dn;
int32_t systemFlags;
+ bool isCriticalSystemObject;
int ret;
ldb = ldb_module_get_ctx(ac->module);
@@ -1466,6 +1468,19 @@ static int objectclass_do_delete(struct oc_context *ac)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+ /* isCriticalSystemObject - but this only applies on tree delete
+ * operations - MS-ADTS 3.1.1.5.5.7.2 */
+ if (ldb_request_get_control(ac->req, LDB_CONTROL_TREE_DELETE_OID) !=
NULL) {
+ isCriticalSystemObject =
ldb_msg_find_attr_as_bool(ac->search_res->message,
+
"isCriticalSystemObject", false);
+ if (isCriticalSystemObject) {
+ ldb_asprintf_errstring(ldb,
+ "objectclass: Cannot tree-delete
%s, it's a critical system object!",
+
ldb_dn_get_linearized(ac->req->op.del.dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ }
+
return ldb_next_request(ac->module, ac->req);
}
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c
b/source4/dsdb/samdb/ldb_modules/operational.c
index 633fd8d..5a5b5e9 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -454,6 +454,7 @@ static int construct_msds_keyversionnumber(struct
ldb_module *module,
enum ndr_err_code ndr_err;
const struct ldb_val *omd_value;
struct replPropertyMetaDataBlob *omd;
+ int ret;
omd_value = ldb_msg_find_ldb_val(msg, "replPropertyMetaData");
if (!omd_value) {
@@ -486,7 +487,14 @@ static int construct_msds_keyversionnumber(struct
ldb_module *module,
}
for (i=0; i<omd->ctr.ctr1.count; i++) {
if (omd->ctr.ctr1.array[i].attid ==
DRSUAPI_ATTRIBUTE_unicodePwd) {
- ldb_msg_add_fmt(msg, "msDS-KeyVersionNumber", "%u",
omd->ctr.ctr1.array[i].version);
+ ret = samdb_msg_add_uint(ldb_module_get_ctx(module),
+ msg, msg,
+ "msDS-KeyVersionNumber",
+
omd->ctr.ctr1.array[i].version);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(omd);
+ return ret;
+ }
break;
}
}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c
b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 7334bf3..a51785e 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -285,8 +285,9 @@ static int rootdse_add_dynamic(struct ldb_module *module,
struct ldb_message *ms
uint64_t seq_num;
int ret = ldb_sequence_number(ldb, LDB_SEQ_HIGHEST_SEQ,
&seq_num);
if (ret == LDB_SUCCESS) {
- if (ldb_msg_add_fmt(msg, "highestCommittedUSN",
- "%llu", (unsigned long
long)seq_num) != LDB_SUCCESS) {
+ if (samdb_msg_add_uint64(ldb, msg, msg,
+ "highestCommittedUSN",
+ seq_num) != LDB_SUCCESS) {
goto failed;
}
}
@@ -300,8 +301,8 @@ static int rootdse_add_dynamic(struct ldb_module *module,
struct ldb_message *ms
n++;
}
- if (ldb_msg_add_fmt(msg, "dsSchemaAttrCount",
- "%u", n) != LDB_SUCCESS) {
+ if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaAttrCount",
+ n) != LDB_SUCCESS) {
goto failed;
}
}
@@ -314,15 +315,15 @@ static int rootdse_add_dynamic(struct ldb_module *module,
struct ldb_message *ms
n++;
}
- if (ldb_msg_add_fmt(msg, "dsSchemaClassCount",
- "%u", n) != LDB_SUCCESS) {
+ if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaClassCount",
+ n) != LDB_SUCCESS) {
goto failed;
}
}
if (schema && do_attribute_explicit(attrs, "dsSchemaPrefixCount")) {
- if (ldb_msg_add_fmt(msg, "dsSchemaPrefixCount",
- "%u", schema->prefixmap->length) !=
LDB_SUCCESS) {
+ if (samdb_msg_add_uint(ldb, msg, msg, "dsSchemaPrefixCount",
+ schema->prefixmap->length) !=
LDB_SUCCESS) {
goto failed;
}
}
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index ff110b7..9d4f3b8 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -293,7 +293,8 @@ found:
return ldb_operr(ldb);
}
- ret = ldb_msg_add_fmt(ac->msg, "msDS-SecondaryKrbTgtNumber", "%u",
krbtgt_number);
+ ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
+ "msDS-SecondaryKrbTgtNumber", krbtgt_number);
if (ret != LDB_SUCCESS) {
return ldb_operr(ldb);
}
@@ -757,6 +758,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
struct ldb_message_element *el, *el2;
enum sid_generator sid_generator;
struct dom_sid *sid;
+ const char *tempstr;
int ret;
/* make sure that "sAMAccountType" is not specified */
@@ -791,9 +793,10 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
if (strcmp(ac->type, "user") == 0) {
/* Step 1.2: Default values */
+ tempstr = talloc_asprintf(ac->msg, "%d", UF_NORMAL_ACCOUNT);
+ if (tempstr == NULL) return ldb_operr(ldb);
ret = samdb_find_or_add_attribute(ldb, ac->msg,
- "userAccountControl",
- talloc_asprintf(ac->msg, "%d", UF_NORMAL_ACCOUNT));
+ "userAccountControl", tempstr);
if (ret != LDB_SUCCESS) return ret;
ret = samdb_find_or_add_attribute(ldb, ac->msg,
"badPwdCount", "0");
@@ -894,9 +897,11 @@ static int samldb_objectclass_trigger(struct samldb_ctx
*ac)
} else if (strcmp(ac->type, "group") == 0) {
/* Step 2.2: Default values */
+ tempstr = talloc_asprintf(ac->msg, "%d",
+ GTYPE_SECURITY_GLOBAL_GROUP);
+ if (tempstr == NULL) return ldb_operr(ldb);
ret = samdb_find_or_add_attribute(ldb, ac->msg,
- "groupType",
- talloc_asprintf(ac->msg, "%d",
GTYPE_SECURITY_GLOBAL_GROUP));
+ "groupType", tempstr);
if (ret != LDB_SUCCESS) return ret;
/* Step 2.3: "groupType" -> "sAMAccountType" */
diff --git a/source4/dsdb/tests/python/deletetest.py
b/source4/dsdb/tests/python/deletetest.py
index 2b0372d..59ebf99 100755
--- a/source4/dsdb/tests/python/deletetest.py
+++ b/source4/dsdb/tests/python/deletetest.py
@@ -181,6 +181,7 @@ class BasicDeleteTests(unittest.TestCase):
attrs=["dsServiceName", "dNSHostName"])
self.assertEquals(len(res), 1)
+ # Delete failing since DC's nTDSDSA object is protected
try:
ldb.delete(res[0]["dsServiceName"][0])
self.fail()
@@ -191,6 +192,7 @@ class BasicDeleteTests(unittest.TestCase):
expression="(&(objectClass=computer)(dNSHostName=" +
res[0]["dNSHostName"][0] + "))")
self.assertEquals(len(res), 1)
+ # Deletes failing since DC's rIDSet object is protected
try:
ldb.delete(res[0]["rIDSetReferences"][0])
self.fail()
@@ -202,6 +204,8 @@ class BasicDeleteTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ # Deletes failing since three main crossRef objects are protected
+
try:
ldb.delete("cn=Enterprise Schema,cn=Partitions," +
self.configuration_dn)
self.fail()
@@ -239,8 +243,6 @@ class BasicDeleteTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
- # Performs some "systemFlags" testing
-
# Delete failing since "SYSTEM_FLAG_DISALLOW_DELETE"
try:
ldb.delete("CN=Users," + self.base_dn)
@@ -248,6 +250,13 @@ class BasicDeleteTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ # Tree-delete failing since "isCriticalSystemObject"
+ try:
+ ldb.delete("CN=Computers," + self.base_dn, ["tree_delete:1"])
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
def test_all(self):
"""Basic delete tests"""
diff --git a/source4/lib/ldb-samba/ldif_handlers.c
b/source4/lib/ldb-samba/ldif_handlers.c
index e4e494f..14da31e 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -427,7 +427,7 @@ static int ldif_write_ntSecurityDescriptor(struct
ldb_context *ldb, void *mem_ct
}
/*
- canonicalise an objectCategory. We use the short form as the cannoical
form:
+ canonicalise an objectCategory. We use the short form as the canonical
form:
cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
*/
diff --git a/source4/libnet/libnet_become_dc.c
b/source4/libnet/libnet_become_dc.c
index 9da2515..157ddce 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -3016,8 +3016,9 @@ static NTSTATUS becomeDC_ldap2_modify_computer(struct
libnet_BecomeDC_state *s)
msg->dn = ldb_dn_new(msg, s->ldap2.ldb, s->dest_dsa.computer_dn_str);
NT_STATUS_HAVE_NO_MEMORY(msg->dn);
- ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u",
user_account_control);
- if (ret != 0) {
+ ret = samdb_msg_add_uint(s->ldap2.ldb, msg, msg, "userAccountControl",
+ user_account_control);
+ if (ret != LDB_SUCCESS) {
talloc_free(msg);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/libnet/libnet_unbecome_dc.c
b/source4/libnet/libnet_unbecome_dc.c
index d66c4be..bc96c4a 100644
--- a/source4/libnet/libnet_unbecome_dc.c
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -431,8 +431,9 @@ static NTSTATUS unbecomeDC_ldap_modify_computer(struct
libnet_UnbecomeDC_state *
msg->dn = ldb_dn_new(msg, s->ldap.ldb, s->dest_dsa.computer_dn_str);
NT_STATUS_HAVE_NO_MEMORY(msg->dn);
- ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u",
user_account_control);
- if (ret != 0) {
+ ret = samdb_msg_add_uint(s->ldap.ldb, msg, msg, "userAccountControl",
+ user_account_control);
+ if (ret != LDB_SUCCESS) {
talloc_free(msg);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c
b/source4/rpc_server/lsa/dcesrv_lsa.c
index d2339c0..4014ae0 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -814,8 +814,8 @@ static NTSTATUS add_trust_user(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_fmt(msg, "userAccountControl", "%u",
- UF_INTERDOMAIN_TRUST_ACCOUNT);
+ ret = samdb_msg_add_uint(sam_ldb, msg, msg, "userAccountControl",
+ UF_INTERDOMAIN_TRUST_ACCOUNT);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
@@ -1419,6 +1419,7 @@ static NTSTATUS get_tdo(struct ldb_context *sam,
TALLOC_CTX *mem_ctx,
}
static NTSTATUS update_uint32_t_value(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ldb,
struct ldb_message *orig,
struct ldb_message *dest,
const char *attribute,
@@ -1427,7 +1428,6 @@ static NTSTATUS update_uint32_t_value(TALLOC_CTX *mem_ctx,
{
const struct ldb_val *orig_val;
uint32_t orig_uint = 0;
- char *str_val;
int flags = 0;
int ret;
@@ -1455,11 +1455,7 @@ static NTSTATUS update_uint32_t_value(TALLOC_CTX
*mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- str_val = talloc_asprintf(mem_ctx, "%u", value);
- if (!str_val) {
- return NT_STATUS_NO_MEMORY;
- }
- ret = ldb_msg_add_steal_string(dest, attribute, str_val);
+ ret = samdb_msg_add_uint(sam_ldb, dest, dest, attribute, value);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
@@ -1721,7 +1717,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct
dcesrv_call_state *dce_call,
msg->dn = dom_msg->dn;
if (posix_offset) {
- nt_status = update_uint32_t_value(mem_ctx, dom_msg, msg,
+ nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+ dom_msg, msg,
"trustPosixOffset",
*posix_offset, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1735,7 +1732,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct
dcesrv_call_state *dce_call,
uint32_t tmp;
int origtype;
- nt_status = update_uint32_t_value(mem_ctx, dom_msg, msg,
+ nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+ dom_msg, msg,
"trustDirection",
info_ex->trust_direction,
&origdir);
@@ -1766,7 +1764,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct
dcesrv_call_state *dce_call,
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = update_uint32_t_value(mem_ctx, dom_msg, msg,
+ nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+ dom_msg, msg,
"trustAttributes",
info_ex->trust_attributes,
&origattrs);
@@ -1785,7 +1784,8 @@ static NTSTATUS setInfoTrustedDomain_base(struct
dcesrv_call_state *dce_call,
}
if (enc_types) {
- nt_status = update_uint32_t_value(mem_ctx, dom_msg, msg,
+ nt_status = update_uint32_t_value(mem_ctx, p_state->sam_ldb,
+ dom_msg, msg,
"msDS-SupportedEncryptionTypes",
*enc_types, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
--
Samba Shared Repository
