diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-12-16 20:39:18 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-16 20:56:24 +1100 |
commit | 934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3 (patch) | |
tree | 758c58e58658483c2be10f4ce1360d521d762eb1 | |
parent | 99557563141a3776b05bebba0436c56e72f9e20f (diff) | |
download | samba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.tar.gz samba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.tar.bz2 samba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.zip |
s4-dsdb: don't actually remove the sd_flags control, just mark it non-critical
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 03cb1ff3e3..7622f968e5 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -536,6 +536,11 @@ static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply sd_flags = sdctr->secinfo_flags; /* we only care for the last 4 bits */ sd_flags = sd_flags & 0x0000000F; + if (sd_flags == 0) { + /* MS-ADTS 3.1.1.3.4.1.11 says that no bits + equals all 4 bits */ + sd_flags = 0xF; + } } switch (ares->type) { @@ -589,7 +594,6 @@ static int descriptor_do_mod(struct descriptor_context *ac) struct ldb_message *msg; struct ldb_control *sd_control; struct ldb_control *sd_control2; - struct ldb_control **saved_controls; int flags = 0; uint32_t sd_flags = 0; @@ -646,13 +650,10 @@ static int descriptor_do_mod(struct descriptor_context *ac) if (ret != LDB_SUCCESS) { return ret; } - /* save it locally and remove it from the list */ - /* we do not need to replace them later as we - * are keeping the original req intact */ + /* mark it non-critical, so we don't get an error from the + backend, but mark that we've handled it */ if (sd_control) { - if (!save_controls(sd_control, mod_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; - } + sd_control->critical = 0; } return ldb_next_request(ac->module, mod_req); @@ -836,7 +837,6 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req) int ret; struct ldb_context *ldb; struct ldb_control *sd_control; - struct ldb_control **saved_controls; struct ldb_request *down_req; struct descriptor_context *ac; @@ -862,13 +862,9 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req) if (ret != LDB_SUCCESS) { return ret; } - /* save it locally and remove it from the list */ - /* we do not need to replace them later as we - * are keeping the original req intact */ + /* mark it as handled */ if (sd_control) { - if (!save_controls(sd_control, down_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; - } + sd_control->critical = 0; } return ldb_next_request(ac->module, down_req); |