summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-12-16 20:39:18 +1100
committerAndrew Tridgell <tridge@samba.org>2009-12-16 20:56:24 +1100
commit934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3 (patch)
tree758c58e58658483c2be10f4ce1360d521d762eb1
parent99557563141a3776b05bebba0436c56e72f9e20f (diff)
downloadsamba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.tar.gz
samba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.tar.bz2
samba-934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3.zip
s4-dsdb: don't actually remove the sd_flags control, just mark it non-critical
For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c24
1 files changed, 10 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 03cb1ff3e3..7622f968e5 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -536,6 +536,11 @@ static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply
sd_flags = sdctr->secinfo_flags;
/* we only care for the last 4 bits */
sd_flags = sd_flags & 0x0000000F;
+ if (sd_flags == 0) {
+ /* MS-ADTS 3.1.1.3.4.1.11 says that no bits
+ equals all 4 bits */
+ sd_flags = 0xF;
+ }
}
switch (ares->type) {
@@ -589,7 +594,6 @@ static int descriptor_do_mod(struct descriptor_context *ac)
struct ldb_message *msg;
struct ldb_control *sd_control;
struct ldb_control *sd_control2;
- struct ldb_control **saved_controls;
int flags = 0;
uint32_t sd_flags = 0;
@@ -646,13 +650,10 @@ static int descriptor_do_mod(struct descriptor_context *ac)
if (ret != LDB_SUCCESS) {
return ret;
}
- /* save it locally and remove it from the list */
- /* we do not need to replace them later as we
- * are keeping the original req intact */
+ /* mark it non-critical, so we don't get an error from the
+ backend, but mark that we've handled it */
if (sd_control) {
- if (!save_controls(sd_control, mod_req, &saved_controls)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ sd_control->critical = 0;
}
return ldb_next_request(ac->module, mod_req);
@@ -836,7 +837,6 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
int ret;
struct ldb_context *ldb;
struct ldb_control *sd_control;
- struct ldb_control **saved_controls;
struct ldb_request *down_req;
struct descriptor_context *ac;
@@ -862,13 +862,9 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
if (ret != LDB_SUCCESS) {
return ret;
}
- /* save it locally and remove it from the list */
- /* we do not need to replace them later as we
- * are keeping the original req intact */
+ /* mark it as handled */
if (sd_control) {
- if (!save_controls(sd_control, down_req, &saved_controls)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ sd_control->critical = 0;
}
return ldb_next_request(ac->module, down_req);