summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-12-16 20:39:55 +1100
committerAndrew Tridgell <tridge@samba.org>2009-12-16 20:56:24 +1100
commit41e403adb0fa76c8d15d5d1ef38b195a6da2265c (patch)
tree8910394efde95b8339d251c4919e42ef2db28a2a /source4/dsdb/samdb
parent934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3 (diff)
downloadsamba-41e403adb0fa76c8d15d5d1ef38b195a6da2265c.tar.gz
samba-41e403adb0fa76c8d15d5d1ef38b195a6da2265c.tar.bz2
samba-41e403adb0fa76c8d15d5d1ef38b195a6da2265c.zip
s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c29
1 files changed, 19 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 0ea4b798b4..3b1b13faf5 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -214,7 +214,8 @@ static const struct {
enum op_remove {
OPERATIONAL_REMOVE_ALWAYS, /* remove always */
- OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
+ OPERATIONAL_REMOVE_UNASKED,/* remove if not requested */
+ OPERATIONAL_SD_FLAGS /* show if SD_FLAGS_OID set, or asked for */
};
/*
@@ -225,7 +226,7 @@ static const struct {
const char *attr;
enum op_remove op;
} operational_remove[] = {
- { "nTSecurityDescriptor", OPERATIONAL_REMOVE_UNASKED },
+ { "nTSecurityDescriptor", OPERATIONAL_SD_FLAGS },
{ "parentGUID", OPERATIONAL_REMOVE_ALWAYS },
{ "replPropertyMetaData", OPERATIONAL_REMOVE_UNASKED },
{ "unicodePwd", OPERATIONAL_REMOVE_UNASKED },
@@ -244,7 +245,8 @@ static const struct {
*/
static int operational_search_post_process(struct ldb_module *module,
struct ldb_message *msg,
- const char * const *attrs)
+ const char * const *attrs,
+ bool sd_flags_set)
{
struct ldb_context *ldb;
int i, a=0;
@@ -253,18 +255,20 @@ static int operational_search_post_process(struct ldb_module *module,
/* removed any attrs that should not be shown to the user */
for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
- struct ldb_message_element *el;
-
switch (operational_remove[i].op) {
case OPERATIONAL_REMOVE_UNASKED:
if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
continue;
}
case OPERATIONAL_REMOVE_ALWAYS:
- el = ldb_msg_find_element(msg, operational_remove[i].attr);
- if (el) {
- ldb_msg_remove_element(msg, el);
+ ldb_msg_remove_attr(msg, operational_remove[i].attr);
+ break;
+ case OPERATIONAL_SD_FLAGS:
+ if (sd_flags_set ||
+ ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+ continue;
}
+ ldb_msg_remove_attr(msg, operational_remove[i].attr);
break;
}
}
@@ -321,6 +325,7 @@ struct operational_context {
struct ldb_request *req;
const char * const *attrs;
+ bool sd_flags_set;
};
static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
@@ -344,8 +349,9 @@ static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
/* for each record returned post-process to add any derived
attributes that have been asked for */
ret = operational_search_post_process(ac->module,
- ares->message,
- ac->attrs);
+ ares->message,
+ ac->attrs,
+ ac->sd_flags_set);
if (ret != 0) {
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
@@ -432,6 +438,9 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req
}
}
+ /* remember if the SD_FLAGS_OID was set */
+ ac->sd_flags_set = (ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL);
+
ret = ldb_build_search_req_ex(&down_req, ldb, ac,
req->op.search.base,
req->op.search.scope,