diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-02-04 09:22:39 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2010-02-04 11:08:58 +0100 |
commit | 259ba3ab8751d0792c0ce4ddecd68f8f98cf1bd9 (patch) | |
tree | 4e57a9eb59279736d70cc73d3139ecf49359dcf4 /source4/dsdb | |
parent | 55d65ba7213e5b30711b5b5939d53e3d3990d86a (diff) | |
download | samba-259ba3ab8751d0792c0ce4ddecd68f8f98cf1bd9.tar.gz samba-259ba3ab8751d0792c0ce4ddecd68f8f98cf1bd9.tar.bz2 samba-259ba3ab8751d0792c0ce4ddecd68f8f98cf1bd9.zip |
s4:mark the SYSTEM control always as non-critical
It is needed to not break the various LDAP backends. For reference look at
bug #7040.
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index a779821107..5f50084281 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -441,6 +441,11 @@ static int acl_allowedAttributes(struct ldb_module *module, struct dom_sid *sid = NULL; struct ldb_control *as_system = ldb_request_get_control(ac->req, LDB_CONTROL_AS_SYSTEM_OID); + + if (as_system != NULL) { + as_system->critical = 0; + } + ldb_msg_remove_attr(msg, "allowedAttributesEffective"); if (ac->am_system || as_system) { for (i=0; attr_list && attr_list[i]; i++) { @@ -558,6 +563,10 @@ static int acl_childClassesEffective(struct ldb_module *module, struct dom_sid *sid = NULL; int i, j, ret; + if (as_system != NULL) { + as_system->critical = 0; + } + if (ac->am_system || as_system) { return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective"); } @@ -636,6 +645,10 @@ static int acl_sDRightsEffective(struct ldb_module *module, struct dom_sid *sid = NULL; uint32_t flags = 0; + if (as_system != NULL) { + as_system->critical = 0; + } + /* Must remove any existing attribute, or else confusion reins */ ldb_msg_remove_attr(msg, "sDRightsEffective"); ret = ldb_msg_add_empty(msg, "sDRightsEffective", 0, &rightsEffective); @@ -699,6 +712,10 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req) struct object_tree *new_node = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + if (as_system != NULL) { + as_system->critical = 0; + } + if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); } @@ -760,6 +777,10 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) NULL }; + if (as_system != NULL) { + as_system->critical = 0; + } + /* Don't print this debug statement if elements[0].name is going to be NULL */ if(req->op.mod.message->num_elements > 0) { @@ -892,6 +913,10 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) struct ldb_context *ldb; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + if (as_system != NULL) { + as_system->critical = 0; + } + DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn))); if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); @@ -946,6 +971,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) NULL }; + if (as_system != NULL) { + as_system->critical = 0; + } + DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn))); if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); |