s4-dsdb: Common helper for setting "sAMAccountType" on User objects

Change-Id: I4480e7d1ed0c754e960028e0be9a90ee56935e94
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 35d7b65b3725ec5f84f398574750d8c76ccf7dd2..821ea56d6829868648ba4c42a21b109090874809 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -4886,3 +4886,39 @@ int dsdb_user_obj_set_defaults(struct ldb_context *ldb, struct ldb_message *usr_
 
        return LDB_SUCCESS;
 }
+
+/**
+ * Sets 'sAMAccountType on user object based on userAccountControl
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param account_type_p Optional pointer to account_type to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_account_type(struct ldb_context *ldb, struct ldb_message *usr_obj,
+                                  uint32_t user_account_control, uint32_t *account_type_p)
+{
+       int ret;
+       uint32_t account_type;
+       struct ldb_message_element *el;
+
+       account_type = ds_uf2atype(user_account_control);
+       if (account_type == 0) {
+               ldb_set_errstring(ldb, "dsdb: Unrecognized account type!");
+               return LDB_ERR_UNWILLING_TO_PERFORM;
+       }
+       ret = samdb_msg_add_uint(ldb, usr_obj, usr_obj,
+                                "sAMAccountType",
+                                account_type);
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+       el = ldb_msg_find_element(usr_obj, "sAMAccountType");
+       el->flags = LDB_FLAG_MOD_REPLACE;
+
+       if (account_type_p) {
+               *account_type_p = account_type;
+       }
+
+       return LDB_SUCCESS;
+}

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 4681decdc16e10e7f0af58463d1114ac2a18d17f..8f6172146427a9a3528c9733242709e61f6858fe 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1018,7 +1018,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
 
                el = ldb_msg_find_element(ac->msg, "userAccountControl");
                if (el != NULL) {
-                       uint32_t user_account_control, account_type;
+                       uint32_t user_account_control;
                        /* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */
                        user_account_control = ldb_msg_find_attr_as_uint(ac->msg,
                                                                         "userAccountControl",
@@ -1061,19 +1061,11 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
                                return LDB_ERR_OBJECT_CLASS_VIOLATION;
                        }
 
-                       account_type = ds_uf2atype(user_account_control);
-                       if (account_type == 0) {
-                               ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
-                               return LDB_ERR_UNWILLING_TO_PERFORM;
-                       }
-                       ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
-                                                "sAMAccountType",
-                                                account_type);
+                       /* add "sAMAccountType" attribute */
+                       ret = dsdb_user_obj_set_account_type(ldb, ac->msg, user_account_control, NULL);
                        if (ret != LDB_SUCCESS) {
                                return ret;
                        }
-                       el2 = ldb_msg_find_element(ac->msg, "sAMAccountType");
-                       el2->flags = LDB_FLAG_MOD_REPLACE;
 
                        /* "isCriticalSystemObject" might be set */
                        if (user_account_control &

diff --git a/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
index 298567eafb2012b55c4511f0e469683e827ca574..bbcad631cbbe213ebddd97cfead0f97fd3d570cf 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
+++ b/source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c
@@ -249,23 +249,18 @@ static int _tr_restore_attributes(struct ldb_context *ldb, struct ldb_message *c
                                                  "operatorCount", "0");
                if (ret != LDB_SUCCESS) return ret;
 
-               /* restore "sAMAccountType" */
+               /* "userAccountControl" must exists on deleted object */
                user_account_control = ldb_msg_find_attr_as_uint(cur_msg, "userAccountControl", (uint32_t)-1);
                if (user_account_control == (uint32_t)-1) {
                        return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
                                         "reanimate: No 'userAccountControl' attribute found!");
                }
-               account_type = ds_uf2atype(user_account_control);
-               if (account_type == 0) {
-                       ldb_set_errstring(ldb, "reanimate: Unrecognized account type!");
-                       return LDB_ERR_UNWILLING_TO_PERFORM;
-               }
-               ret = samdb_msg_add_uint(ldb, new_msg, new_msg, "sAMAccountType", account_type);
+
+               /* restore "sAMAccountType" */
+               ret = dsdb_user_obj_set_account_type(ldb, new_msg, user_account_control, NULL);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
-               el = ldb_msg_find_element(new_msg, "sAMAccountType");
-               el->flags = LDB_FLAG_MOD_REPLACE;
 
                /* "userAccountControl" -> "primaryGroupID" mapping */
                if (!ldb_msg_find_element(new_msg, "primaryGroupID")) {