authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-23 15:15:09 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-24 18:23:01 +0100
commit1352a9406f3e3067a8e751ac157eab67796bc0c6 (patch)
tree7fec9ae9039c4ada718a3c2ed4322850cb44b944 /source4/dsdb/samdb
parent8c01d6a837718344b52aa117820d0dba7655f295 (diff)
s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified
This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/objectclass.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 0bb33aaf35..d69c3f4d05 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -463,10 +463,12 @@ static bool check_rodc_ntdsdsa_add(struct oc_context *ac,
static int objectclass_do_add(struct oc_context *ac)
{
- struct ldb_context *ldb;
+ struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
struct ldb_request *add_req;
struct ldb_message_element *objectclass_element, *el;
struct ldb_message *msg;
+ struct ldb_control *as_system = ldb_request_get_control(ac->req,
+ LDB_CONTROL_AS_SYSTEM_OID);
TALLOC_CTX *mem_ctx;
struct class_list *sorted, *current;
const char *rdn_name = NULL;
@@ -478,7 +480,9 @@ static int objectclass_do_add(struct oc_context *ac)
bool found;
int ret;
- ldb = ldb_module_get_ctx(ac->module);
+ if (as_system != NULL) {
+ as_system->critical = 0;
+ }
msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
if (msg == NULL) {
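Review bot: The added `as_system->critical = 0;` writes into a control that belongs to the incoming request `ac->req`, and it runs for every add rather than only for the LSA object classes this commit is about; nothing in the hunk says why. If the intent is to mark the control as handled so that a later module does not reject it as an unrecognised critical control, state that in a comment, for example `/* AS_SYSTEM is consumed here: clear 'critical' so it is not rejected as unhandled further down */`. It is also worth confirming that no module below this one still depends on seeing the control as critical. objectclass_do_add continues past the end of this hunk.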
@@ -577,7 +581,7 @@ static int objectclass_do_add(struct oc_context *ac)
/* LSA-specific objectclasses per default not allowed */
if (((strcmp(value, "secret") == 0) ||
(strcmp(value, "trustedDomain") == 0)) &&
- !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ !(dsdb_module_am_system(ac->module) || as_system)) {
ldb_asprintf_errstring(ldb,
"objectclass: object class '%s' is LSA-specific, rejecting creation of '%s'!",
value,
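Review bot: The new condition on the `secret`/`trustedDomain` check treats the mere presence of the AS_SYSTEM control as authorisation, because `as_system` is non-NULL whenever the request carries that OID, whoever built the request. That is safe only if the control can never arrive from an untrusted client, which nothing in this diff shows; the check should carry a comment naming where that is enforced, or else rely on `dsdb_module_am_system(ac->module)` alone. The comment above it still says "per default not allowed" and could name the exception, e.g. `/* LSA-specific objectclasses: only for system sessions or requests flagged AS_SYSTEM */`. Callers that previously passed the RELAX control to create these objects will now be rejected, so they need checking. For consistency with the earlier `if (as_system != NULL)`, write `as_system != NULL` here as well.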