author | Stefan Metzmacher <metze@samba.org> | 2012-11-21 10:15:58 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:20 +0100 |
commit | 690b5e11618eb0385272d6a003761db22369e620 (patch) | |
tree | a7fb9648f130371562e63b8584608c04675485e7 | |
parent | 2916313f8016720fb36180db341efbf7b91522f6 (diff) | |
s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 0a262885d8..db8bba7395 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -521,7 +521,9 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
 /* we aren't any NC */
 ret = dsdb_module_search_dn(module, req, &parent_res, parent_dn,
 parent_attrs,
- DSDB_FLAG_NEXT_MODULE,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_FLAG_AS_SYSTEM |
+ DSDB_SEARCH_SHOW_RECYCLED,
 req);
 if (ret != LDB_SUCCESS) {
 ldb_debug(ldb, LDB_DEBUG_TRACE,"descriptor_add: Could not find SD for %s\n",
@@ -581,7 +583,7 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
 static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 {
 struct ldb_context *ldb;
- struct ldb_control *sd_recalculate_control, *sd_flags_control, *show_deleted_control;
+ struct ldb_control *sd_recalculate_control, *sd_flags_control;
 struct ldb_request *mod_req;
 struct ldb_message *msg;
 struct ldb_result *current_res, *parent_res;
@@ -591,7 +593,7 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 struct ldb_dn *parent_dn, *dn;
 struct ldb_message_element *objectclass_element;
 int ret;
- uint32_t instanceType, sd_flags = 0, flags;
+ uint32_t instanceType, sd_flags = 0;
 const struct dsdb_schema *schema;
 DATA_BLOB *sd;
 const struct dsdb_class *objectclass;
@@ -604,8 +606,6 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 user_sd = ldb_msg_find_ldb_val(req->op.mod.message, "nTSecurityDescriptor");
 /* This control forces the recalculation of the SD also when
  * no modification is performed. */
- show_deleted_control = ldb_request_get_control(req,
- LDB_CONTROL_SHOW_DELETED_OID);
 sd_recalculate_control = ldb_request_get_control(req,
 LDB_CONTROL_RECALCULATE_SD_OID);
 if (!user_sd && !sd_recalculate_control) {
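Review bot: The parent lookup in descriptor_add (@@ -521) now reads with `DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_RECYCLED`, but nothing at the call says why a client-triggered add may read with system rights; the same three-flag expression is repeated by hand in both lookups of descriptor_modify (@@ -618 and @@ -644). Because the result no longer depends on what the caller may read or on the parent's deleted state, each call should carry a short comment such as `/* internal SD lookup: must succeed independent of the caller's read rights and of the deleted/recycled state */`, or the flags could live in one named constant with that comment. Whether parent_attrs is limited to the security-descriptor inputs, and where the caller's access is checked instead, is not visible in these hunks and should be confirmed. descriptor_add's body starts and ends outside the hunk.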
@@ -618,13 +618,12 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 if (ldb_dn_is_special(dn)) {
 return ldb_next_request(module, req);
 }
- flags = DSDB_FLAG_NEXT_MODULE;
- if (show_deleted_control) {
- flags |= DSDB_SEARCH_SHOW_DELETED;
- }
+
 ret = dsdb_module_search_dn(module, req, ¤t_res, dn,
 current_attrs,
- flags,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_FLAG_AS_SYSTEM |
+ DSDB_SEARCH_SHOW_RECYCLED,
 req);
 if (ret != LDB_SUCCESS) {
 ldb_debug(ldb, LDB_DEBUG_ERROR,"descriptor_modify: Could not find %s\n",
@@ -644,7 +643,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
 }
 ret = dsdb_module_search_dn(module, req, &parent_res, parent_dn,
 parent_attrs,
- DSDB_FLAG_NEXT_MODULE,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_FLAG_AS_SYSTEM |
+ DSDB_SEARCH_SHOW_RECYCLED,
 req);
 if (ret != LDB_SUCCESS) {
 ldb_debug(ldb, LDB_DEBUG_ERROR, "descriptor_modify: Could not find SD for %s\n", |
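Review bot: In descriptor_modify (@@ -618) the lookup of the target object used to add DSDB_SEARCH_SHOW_DELETED only when the client sent the show-deleted control; it now always searches as system with SHOW_RECYCLED, so it succeeds for deleted, recycled or unreadable objects that this search would not have returned for the caller before. The not-found return that follows is therefore no longer a visibility check on the request, and the code should say so where the result is used, for example `/* found AS_SYSTEM: not proof that the caller can see dn */`. It is worth confirming that the modify passed further down still carries only the caller's own controls, so that a modify of a deleted object without the show-deleted control is still refused there; that part of the function is outside the hunk.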