authorAndrew Tridgell <tridge@samba.org>2010-02-16 14:45:16 +1100
committerAndrew Tridgell <tridge@samba.org>2010-02-16 21:10:50 +1100
commit90203f87e7da3346ae9236e4d30c93b95a2ddad9 (patch)
tree5eb2caa2f160e9a9f69c6d9eb673ff128fa66352
parentc6d85d67f9b52e4071c84749a1f55de646a5451c (diff)
s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
This allows for controls to be added easily where they are needed.
-rw-r--r--source4/dsdb/common/util.c99
-rw-r--r--source4/dsdb/common/util.h1
-rw-r--r--source4/dsdb/schema/schema_init.c5
-rw-r--r--source4/dsdb/schema/schema_set.c4
-rw-r--r--source4/kdc/kpasswdd.c2
-rw-r--r--source4/libnet/libnet_join.c2
-rw-r--r--source4/libnet/libnet_samsync_ldb.c16
-rw-r--r--source4/ntptr/simple_ldb/ntptr_simple_ldb.c2
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c2
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c4
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c2
-rw-r--r--source4/rpc_server/samr/samr_password.c8
12 files changed, 52 insertions, 95 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 12185f999d..5178253ae1 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -783,7 +783,7 @@ int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc
const char *attr_name)
{
/* we use an empty replace rather than a delete, as it allows for
- samdb_replace() to be used everywhere */
+ dsdb_replace() to be used everywhere */
return ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL);
}
@@ -981,26 +981,10 @@ int samdb_msg_set_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc
}
/*
- replace elements in a record
-*/
-int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
-{
- int i;
-
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<msg->num_elements;i++) {
- msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
- /* modify the samdb record */
- return ldb_modify(sam_ldb, msg);
-}
-
-/*
* Handle ldb_request in transaction
*/
static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
- struct ldb_request *req)
+ struct ldb_request *req)
{
int ret;
@@ -1023,55 +1007,6 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
}
/*
- * replace elements in a record using LDB_CONTROL_AS_SYSTEM
- * used to skip access checks on operations
- * that are performed by the system
- */
-int samdb_replace_as_system(struct ldb_context *sam_ldb,
- TALLOC_CTX *mem_ctx,
- struct ldb_message *msg)
-{
- int i;
- int ldb_ret;
- struct ldb_request *req = NULL;
-
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<msg->num_elements;i++) {
- msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
-
- ldb_ret = ldb_msg_sanity_check(sam_ldb, msg);
- if (ldb_ret != LDB_SUCCESS) {
- return ldb_ret;
- }
-
- ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx,
- msg,
- NULL,
- NULL,
- ldb_op_default_callback,
- NULL);
-
- if (ldb_ret != LDB_SUCCESS) {
- talloc_free(req);
- return ldb_ret;
- }
-
- ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
- if (ldb_ret != LDB_SUCCESS) {
- talloc_free(req);
- return ldb_ret;
- }
-
- /* do request and auto start a transaction */
- ldb_ret = dsdb_autotransaction_request(sam_ldb, req);
-
- talloc_free(req);
- return ldb_ret;
-}
-
-/*
return a default security descriptor
*/
struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
@@ -2119,7 +2054,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
}
/* modify the samdb record */
- ret = samdb_replace(ldb, mem_ctx, msg);
+ ret = dsdb_replace(ldb, msg, 0);
if (ret != LDB_SUCCESS) {
ldb_transaction_cancel(ldb);
talloc_free(user_dn);
@@ -3434,6 +3369,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags)
}
}
+ if (dsdb_flags & DSDB_FLAG_AS_SYSTEM) {
+ ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
return LDB_SUCCESS;
}
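Review bot: The new `DSDB_FLAG_AS_SYSTEM` branch has no comment, and the only explanation that this control skips access checks sat on `samdb_replace_as_system()`, which this commit deletes. The flag now travels in the generic `dsdb_flags` word taken by `dsdb_modify()` and `dsdb_replace()`, so I would restate the warning at this branch and at the new `#define` in util.h, for example `/* adds LDB_CONTROL_AS_SYSTEM_OID: skips access checks, only for server-originated writes */`. The control is added as non-critical (`false`), so presumably a backend that does not handle it falls back to normal access checks rather than failing; worth confirming that is the intended behaviour. The body of dsdb_request_add_controls() starts outside this hunk.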
@@ -3461,11 +3403,24 @@ int dsdb_modify(struct ldb_context *ldb, const struct ldb_message *message,
return ret;
}
- ret = ldb_request(ldb, req);
- if (ret == LDB_SUCCESS) {
- ret = ldb_wait(req->handle, LDB_WAIT_ALL);
- }
+ ret = dsdb_autotransaction_request(ldb, req);
talloc_free(req);
return ret;
}
+
+/*
+ like dsdb_modify() but set all the element flags to
+ LDB_FLAG_MOD_REPLACE
+ */
+int dsdb_replace(struct ldb_context *ldb, struct ldb_message *msg, uint32_t dsdb_flags)
+{
+ int i;
+
+ /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+ for (i=0;i<msg->num_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+ return dsdb_modify(ldb, msg, dsdb_flags);
+}
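Review bot: `dsdb_replace()` no longer runs the `ldb_msg_sanity_check()` that the removed `samdb_replace_as_system()` made before building its request, and nothing visible in this hunk replaces it. The start of `dsdb_modify()` is outside the hunk, so it may already validate the message; if it does not, I would declare `int ret;` and add `ret = ldb_msg_sanity_check(ldb, msg); if (ret != LDB_SUCCESS) return ret;` after the flag loop, as the old code did, so a malformed message is rejected before a write that may carry DSDB_FLAG_AS_SYSTEM. The header comment should also state that the caller's message is modified in place (every element's flags are overwritten), which is why `msg` is non-const here while `dsdb_modify()` takes a const message. Separately, moving `dsdb_modify()` onto `dsdb_autotransaction_request()` changes behaviour for its existing callers too, which the commit message does not mention.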
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index 590653acc2..e80fdd8216 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -30,3 +30,4 @@
#define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010
#define DSDB_MODIFY_RELAX 0x0020
#define DSDB_MODIFY_PERMISSIVE 0x0040
+#define DSDB_FLAG_AS_SYSTEM 0x0080
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 77b4e2a473..c369d57fa9 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "lib/ldb/include/ldb_errors.h"
#include "../lib/util/dlinklist.h"
#include "librpc/gen_ndr/ndr_misc.h"
@@ -310,12 +311,12 @@ WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_co
return WERR_NOMEM;
}
- ldb_ret = samdb_replace_as_system(ldb, temp_ctx, msg);
+ ldb_ret = dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM);
talloc_free(temp_ctx);
if (ldb_ret != 0) {
- DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: samdb_replace failed\n"));
+ DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed\n"));
return WERR_FOOBAR;
}
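Review bot: The failure branch logs only a fixed string, so when this DSDB_FLAG_AS_SYSTEM schema write is refused the reason is lost; most other call sites touched by this commit include `ldb_errstring()` in their message. I would log it here as well: `DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed: %s\n", ldb_errstring(ldb)));`. The function body starts and ends outside this hunk.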
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 99b26f6b9d..3dace04304 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -138,7 +138,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
mod_msg = ldb_msg_diff(ldb, res->msgs[0], msg);
if (mod_msg->num_elements > 0) {
- ret = samdb_replace(ldb, mem_ctx, mod_msg);
+ ret = dsdb_replace(ldb, mod_msg, 0);
}
}
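Review bot: `mod_msg` is dereferenced in `mod_msg->num_elements` straight after `ldb_msg_diff()` with no NULL check in the visible lines, so if the diff fails (presumably returning NULL on allocation failure) this crashes instead of returning an error. A guard such as `if (mod_msg == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; } else if (mod_msg->num_elements > 0) {` would route it into the error handling that follows; the same pattern repeats in the next hunk of this file for `msg_idx`. dsdb_schema_set_attributes() starts and ends outside both hunks, so the exact cleanup path should be checked against the full function.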
@@ -166,7 +166,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem
mod_msg = ldb_msg_diff(ldb, res_idx->msgs[0], msg_idx);
if (mod_msg->num_elements > 0) {
- ret = samdb_replace(ldb, mem_ctx, mod_msg);
+ ret = dsdb_replace(ldb, mod_msg, 0);
}
}
if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 8009f9c06a..2f4ebe0557 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -379,7 +379,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
if (NT_STATUS_IS_OK(status)) {
/* modify the samdb record */
- ret = samdb_replace(samdb, mem_ctx, msg);
+ ret = dsdb_replace(samdb, msg, 0);
if (ret != 0) {
DEBUG(2,("Failed to modify record to set password on %s: %s\n",
ldb_dn_get_linearized(msg->dn),
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index e60d45e316..5abe88bb89 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -331,7 +331,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
return NT_STATUS_NO_MEMORY;
}
- rtn = samdb_replace(remote_ldb, tmp_ctx, msg);
+ rtn = dsdb_replace(remote_ldb, msg, 0);
if (rtn != 0) {
r->out.error_string
= talloc_asprintf(r,
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index e7066ecfd2..e9db4a909c 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -222,7 +222,7 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx,
/* TODO: Account lockout, password properties */
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret) {
return NT_STATUS_INTERNAL_ERROR;
@@ -454,7 +454,7 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx,
}
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s",
ldb_dn_get_linearized(msg->dn),
@@ -593,7 +593,7 @@ static NTSTATUS samsync_ldb_handle_group(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
@@ -708,7 +708,7 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx,
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
@@ -807,7 +807,7 @@ static NTSTATUS samsync_ldb_handle_alias(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s",
ldb_dn_get_linearized(msg->dn),
@@ -926,7 +926,7 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx,
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
@@ -970,7 +970,7 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx,
account->privilege_name[i].string);
}
- ret = samdb_replace(state->pdb, mem_ctx, msg);
+ ret = dsdb_replace(state->pdb, msg, 0);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) {
talloc_free(msg);
@@ -1028,7 +1028,7 @@ static NTSTATUS samsync_ldb_delete_account(TALLOC_CTX *mem_ctx,
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
"privilege");
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
ldb_dn_get_linearized(msg->dn));
diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
index feaa1a0e12..33632aa0fc 100644
--- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
+++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c
@@ -389,7 +389,7 @@ static WERROR sptr_SetPrintServerForm(struct ntptr_GenericHandle *server, TALLOC
return WERR_UNKNOWN_LEVEL;
}
- ret = samdb_replace(sptr_db, mem_ctx, msg);
+ ret = dsdb_replace(sptr_db, msg, 0);
if (ret != 0) {
return WERR_FOOBAR;
}
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index ed984f981e..53526ce15c 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2632,7 +2632,7 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_
}
/* modify the samdb record */
- ret = samdb_replace(secret_state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(secret_state->sam_ldb, msg, 0);
if (ret != LDB_SUCCESS) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index fb2601ab2f..f47f608527 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1200,7 +1200,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
"operatingSystemVersion");
- if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
+ if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
DEBUG(3,("Impossible to update samdb: %s\n",
ldb_errstring(sam_ctx)));
}
@@ -1262,7 +1262,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
);
}
- if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
+ if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
DEBUG(3,("Impossible to update samdb: %s\n",
ldb_errstring(sam_ctx)));
}
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 76f35ddefb..61a9f1350b 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1415,7 +1415,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
}
/* modify the samdb record */
- ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
+ ret = dsdb_replace(a_state->sam_ctx, msg, 0);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to modify account record %s to set userAccountControl: %s\n",
ldb_dn_get_linearized(msg->dn),
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 1ed1dd1b69..1a09283ea6 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -153,7 +153,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, msg);
+ ret = dsdb_replace(sam_ctx, msg, 0);
if (ret != LDB_SUCCESS) {
DEBUG(2,("Failed to modify record to change password on %s: %s\n",
ldb_dn_get_linearized(a_state->account_dn),
@@ -310,7 +310,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, mod);
+ ret = dsdb_replace(sam_ctx, mod, 0);
if (ret != LDB_SUCCESS) {
DEBUG(2,("Failed to modify record to change password on %s: %s\n",
ldb_dn_get_linearized(user_dn),
@@ -473,9 +473,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, mod);
+ ret = dsdb_replace(sam_ctx, mod, 0);
if (ret != LDB_SUCCESS) {
- DEBUG(2,("samdb_replace failed to change password for %s: %s\n",
+ DEBUG(2,("dsdb_replace failed to change password for %s: %s\n",
ldb_dn_get_linearized(user_dn),
ldb_errstring(sam_ctx)));
status = NT_STATUS_UNSUCCESSFUL;