diff options
author | Kamen Mazdrashki <kamen.mazdrashki@postpath.com> | 2009-12-18 18:14:38 +0200 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-21 23:44:53 +1100 |
commit | 7685bbbc4ea2ffc522a1582a561477dad2c862b2 (patch) | |
tree | 8d4614f94cb22dfa64890e672deb135608647774 /source4 | |
parent | 11e2c5777dc1bd8af1f696e04d0712fe43e7a21a (diff) | |
download | samba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.tar.gz samba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.tar.bz2 samba-7685bbbc4ea2ffc522a1582a561477dad2c862b2.zip |
s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM
This function is intended to be used when data needs
to be modified skipping access checks.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/common/util.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 4f7ddde14c..561edff94c 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1023,6 +1023,55 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb, } /* + * replace elements in a record using LDB_CONTROL_AS_SYSTEM + * used to skip access checks on operations + * that are performed by the system + */ +int samdb_replace_as_system(struct ldb_context *sam_ldb, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg) +{ + int i; + int ldb_ret; + struct ldb_request *req = NULL; + + /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + + ldb_ret = ldb_msg_sanity_check(sam_ldb, msg); + if (ldb_ret != LDB_SUCCESS) { + return ldb_ret; + } + + ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx, + msg, + NULL, + NULL, + ldb_op_default_callback, + NULL); + + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL); + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + /* do request and auto start a transaction */ + ldb_ret = dsdb_autotransaction_request(sam_ldb, req); + + talloc_free(req); + return ldb_ret; +} + +/* return a default security descriptor */ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx) |