summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorKamen Mazdrashki <kamen.mazdrashki@postpath.com>2009-12-18 18:14:38 +0200
committerAndrew Tridgell <tridge@samba.org>2009-12-21 23:44:53 +1100
commit7685bbbc4ea2ffc522a1582a561477dad2c862b2 (patch)
tree8d4614f94cb22dfa64890e672deb135608647774 /source4
parent11e2c5777dc1bd8af1f696e04d0712fe43e7a21a (diff)
downloadsamba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.tar.gz
samba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.tar.bz2
samba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.zip
s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
This function is intended to be used when data needs to be modified skipping access checks. Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/common/util.c49
1 files changed, 49 insertions, 0 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 4f7ddde14c..561edff94c 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1023,6 +1023,55 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
}
/*
+ * replace elements in a record using LDB_CONTROL_AS_SYSTEM
+ * used to skip access checks on operations
+ * that are performed by the system
+ */
+int samdb_replace_as_system(struct ldb_context *sam_ldb,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg)
+{
+ int i;
+ int ldb_ret;
+ struct ldb_request *req = NULL;
+
+ /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+ for (i=0;i<msg->num_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+
+ ldb_ret = ldb_msg_sanity_check(sam_ldb, msg);
+ if (ldb_ret != LDB_SUCCESS) {
+ return ldb_ret;
+ }
+
+ ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx,
+ msg,
+ NULL,
+ NULL,
+ ldb_op_default_callback,
+ NULL);
+
+ if (ldb_ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ldb_ret;
+ }
+
+ ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
+ if (ldb_ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ldb_ret;
+ }
+
+ /* do request and auto start a transaction */
+ ldb_ret = dsdb_autotransaction_request(sam_ldb, req);
+
+ talloc_free(req);
+ return ldb_ret;
+}
+
+/*
return a default security descriptor
*/
struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)