author | Andrew Tridgell <tridge@samba.org> | 2009-12-16 20:39:55 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-16 20:56:24 +1100 |
commit | 41e403adb0fa76c8d15d5d1ef38b195a6da2265c (patch) | |
tree | 8910394efde95b8339d251c4919e42ef2db28a2a | |
parent | 934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3 (diff) | |
s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/operational.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index 0ea4b798b4..3b1b13faf5 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -214,7 +214,8 @@ static const struct { enum op_remove { OPERATIONAL_REMOVE_ALWAYS, /* remove always */ - OPERATIONAL_REMOVE_UNASKED /* remove if not requested */ + OPERATIONAL_REMOVE_UNASKED,/* remove if not requested */ + OPERATIONAL_SD_FLAGS /* show if SD_FLAGS_OID set, or asked for */ }; /* @@ -225,7 +226,7 @@ static const struct { const char *attr; enum op_remove op; } operational_remove[] = { - { "nTSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED }, + { "nTSecurityDescriptor", OPERATIONAL_SD_FLAGS }, { "parentGUID", OPERATIONAL_REMOVE_ALWAYS }, { "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED }, { "unicodePwd", OPERATIONAL_REMOVE_UNASKED }, @@ -244,7 +245,8 @@ static const struct { */ static int operational_search_post_process(struct ldb_module *module, struct ldb_message *msg, - const char * const *attrs) + const char * const *attrs, + bool sd_flags_set) { struct ldb_context *ldb; int i, a=0; @@ -253,18 +255,20 @@ static int operational_search_post_process(struct ldb_module *module, /* removed any attrs that should not be shown to the user */ for (i=0; i<ARRAY_SIZE(operational_remove); i++) { - struct ldb_message_element *el; - switch (operational_remove[i].op) { case OPERATIONAL_REMOVE_UNASKED: if (ldb_attr_in_list(attrs, operational_remove[i].attr)) { continue; } case OPERATIONAL_REMOVE_ALWAYS: - el = ldb_msg_find_element(msg, operational_remove[i].attr); - if (el) { - ldb_msg_remove_element(msg, el); + ldb_msg_remove_attr(msg, operational_remove[i].attr); + break; + case OPERATIONAL_SD_FLAGS: + if (sd_flags_set || + ldb_attr_in_list(attrs, operational_remove[i].attr)) { + continue; } + ldb_msg_remove_attr(msg, operational_remove[i].attr); break; } } 
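Review bot: In the `@@ -253` hunk the new `OPERATIONAL_SD_FLAGS` case keeps `nTSecurityDescriptor` in the reply whenever `sd_flags_set` is true, even when the caller passed an explicit attribute list that omits it, and nothing in this function checks the caller's right to read the descriptor. If read access is enforced by another module in the stack, record that on the case with a comment such as `/* visibility only; read access to the SD is enforced by MODULE_NAME */` (placeholder name); otherwise the descriptor is disclosed on the control's presence alone. The `OPERATIONAL_REMOVE_UNASKED` case still drops into `OPERATIONAL_REMOVE_ALWAYS` without a marker, and now that a third case with its own `break` follows, a `/* fall through */` comment would make the intent unambiguous. The body of `operational_search_post_process` starts and ends outside this hunk.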
@@ -321,6 +325,7 @@ struct operational_context { struct ldb_request *req; const char * const *attrs; + bool sd_flags_set; }; static int operational_callback(struct ldb_request *req, struct ldb_reply *ares) @@ -344,8 +349,9 @@ static int operational_callback(struct ldb_request *req, struct ldb_reply *ares) /* for each record returned post-process to add any derived attributes that have been asked for */ ret = operational_search_post_process(ac->module, - ares->message, - ac->attrs); + ares->message, + ac->attrs, + ac->sd_flags_set); if (ret != 0) { return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); @@ -432,6 +438,9 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req } } + /* remember if the SD_FLAGS_OID was set */ + ac->sd_flags_set = (ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL); + ret = ldb_build_search_req_ex(&down_req, ldb, ac, req->op.search.base, req->op.search.scope, |
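Review bot: In the `@@ -432` hunk `sd_flags_set` is derived only from the presence of the control, `ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL`, and the control's decoded value is never inspected here. A request that carries the control with empty or undecodable data would therefore still switch on the return of `nTSecurityDescriptor`. Whether the control data is validated before this module runs is not visible in the hunk; if it is not, consider keeping the control pointer and requiring a payload, e.g. `ac->sd_flags_set = (ctrl != NULL && ctrl->data != NULL);`, or extend the comment to say that presence alone is intended. `operational_search` starts and ends outside the hunk.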