-rw-r--r-- | source4/dsdb/common/util.c | 99 | ||||
-rw-r--r-- | source4/dsdb/common/util.h | 1 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_init.c | 5 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_set.c | 4 | ||||
-rw-r--r-- | source4/kdc/kpasswdd.c | 2 | ||||
-rw-r--r-- | source4/libnet/libnet_join.c | 2 | ||||
-rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 16 | ||||
-rw-r--r-- | source4/ntptr/simple_ldb/ntptr_simple_ldb.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 4 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 8 |
12 files changed, 52 insertions, 95 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 12185f999d..5178253ae1 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -783,7 +783,7 @@ int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc const char *attr_name) { /* we use an empty replace rather than a delete, as it allows for - samdb_replace() to be used everywhere */ + dsdb_replace() to be used everywhere */ return ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL); } @@ -981,26 +981,10 @@ int samdb_msg_set_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struc } /* - replace elements in a record -*/ -int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg) -{ - int i; - - /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ - for (i=0;i<msg->num_elements;i++) { - msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - - /* modify the samdb record */ - return ldb_modify(sam_ldb, msg); -} - -/* * Handle ldb_request in transaction */ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb, - struct ldb_request *req) + struct ldb_request *req) { int ret; 
@@ -1023,55 +1007,6 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb, } /* - * replace elements in a record using LDB_CONTROL_AS_SYSTEM - * used to skip access checks on operations - * that are performed by the system - */ -int samdb_replace_as_system(struct ldb_context *sam_ldb, - TALLOC_CTX *mem_ctx, - struct ldb_message *msg) -{ - int i; - int ldb_ret; - struct ldb_request *req = NULL; - - /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ - for (i=0;i<msg->num_elements;i++) { - msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - - - ldb_ret = ldb_msg_sanity_check(sam_ldb, msg); - if (ldb_ret != LDB_SUCCESS) { - return ldb_ret; - } - - ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx, - msg, - NULL, - NULL, - ldb_op_default_callback, - NULL); - - if (ldb_ret != LDB_SUCCESS) { - talloc_free(req); - return ldb_ret; - } - - ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL); - if (ldb_ret != LDB_SUCCESS) { - talloc_free(req); - return ldb_ret; - } - - /* do request and auto start a transaction */ - ldb_ret = dsdb_autotransaction_request(sam_ldb, req); - - talloc_free(req); - return ldb_ret; -} - -/* return a default security descriptor */ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx) @@ -2119,7 +2054,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, } /* modify the samdb record */ - ret = samdb_replace(ldb, mem_ctx, msg); + ret = dsdb_replace(ldb, msg, 0); if (ret != LDB_SUCCESS) { ldb_transaction_cancel(ldb); talloc_free(user_dn); @@ -3434,6 +3369,13 @@ int dsdb_request_add_controls(struct ldb_request *req, uint32_t dsdb_flags) } } + if (dsdb_flags & DSDB_FLAG_AS_SYSTEM) { + ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + } + return LDB_SUCCESS; } 
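Review bot: `DSDB_FLAG_AS_SYSTEM` is introduced without any comment, and the only description of what the control does ("used to skip access checks on operations that are performed by the system") sat on `samdb_replace_as_system()`, which this commit removes. Because the flag is now handled in `dsdb_request_add_controls()`, every helper that passes `dsdb_flags` through that function accepts it, so the privilege it grants should be stated where the flag is defined and where it is applied. I would put `/* DSDB_FLAG_AS_SYSTEM: adds LDB_CONTROL_AS_SYSTEM_OID, which skips access checks; only for operations the server performs on its own behalf, never derived from client-supplied input */` above the new `#define` in util.h, and a one-line comment pointing to it on the new `if (dsdb_flags & DSDB_FLAG_AS_SYSTEM)` block. The body of `dsdb_request_add_controls()` starts outside the hunk.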
@@ -3461,11 +3403,24 @@ int dsdb_modify(struct ldb_context *ldb, const struct ldb_message *message, return ret; } - ret = ldb_request(ldb, req); - if (ret == LDB_SUCCESS) { - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - } + ret = dsdb_autotransaction_request(ldb, req); talloc_free(req); return ret; } + +/* + like dsdb_modify() but set all the element flags to + LDB_FLAG_MOD_REPLACE + */ +int dsdb_replace(struct ldb_context *ldb, struct ldb_message *msg, uint32_t dsdb_flags) +{ + int i; + + /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + return dsdb_modify(ldb, msg, dsdb_flags); +} diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h index 590653acc2..e80fdd8216 100644 --- a/source4/dsdb/common/util.h +++ b/source4/dsdb/common/util.h @@ -30,3 +30,4 @@ #define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010 #define DSDB_MODIFY_RELAX 0x0020 #define DSDB_MODIFY_PERMISSIVE 0x0040 +#define DSDB_FLAG_AS_SYSTEM 0x0080 diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 77b4e2a473..c369d57fa9 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -22,6 +22,7 @@ #include "includes.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" #include "lib/ldb/include/ldb_errors.h" #include "../lib/util/dlinklist.h" #include "librpc/gen_ndr/ndr_misc.h" @@ -310,12 +311,12 @@ WERROR dsdb_write_prefixes_from_schema_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_co return WERR_NOMEM; } - ldb_ret = samdb_replace_as_system(ldb, temp_ctx, msg); + ldb_ret = dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM); talloc_free(temp_ctx); if (ldb_ret != 0) { - DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: samdb_replace failed\n")); + DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed\n")); return WERR_FOOBAR; } 
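Review bot: `dsdb_replace()` hands the message to `dsdb_modify()` without validating it, whereas the removed `samdb_replace_as_system()` called `ldb_msg_sanity_check()` before building the request. Whether `dsdb_modify()` performs that check cannot be seen here, because its body starts outside the hunk. If it does not, the converted callers (password changes, samsync, LSA secrets) lose a validation step. In that case I would restore it in `dsdb_replace()` after the flag loop with `ret = ldb_msg_sanity_check(ldb, msg);` followed by `if (ret != LDB_SUCCESS) return ret;`, declaring `int ret;` next to `i`. Separately, `i` is a signed `int` compared against `msg->num_elements`; `unsigned int i;` would avoid a mixed-sign comparison if that field is unsigned.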
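Review bot: In schema_init.c, the failure branch after `dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM)` logs only a fixed string, so a rejected write leaves no cause in the log. This is the one call site in the commit that requests the access-check bypass, which makes the reason for a failure worth recording. I would change the message to `DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed: %s\n", ldb_errstring(ldb)));`, as the other converted callers already do. Comparing with `LDB_SUCCESS` instead of `0` in `if (ldb_ret != 0)` would also match the rest of the change. The function starts outside the hunk.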
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 99b26f6b9d..3dace04304 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -138,7 +138,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem mod_msg = ldb_msg_diff(ldb, res->msgs[0], msg); if (mod_msg->num_elements > 0) { - ret = samdb_replace(ldb, mem_ctx, mod_msg); + ret = dsdb_replace(ldb, mod_msg, 0); } } @@ -166,7 +166,7 @@ static int dsdb_schema_set_attributes(struct ldb_context *ldb, struct dsdb_schem mod_msg = ldb_msg_diff(ldb, res_idx->msgs[0], msg_idx); if (mod_msg->num_elements > 0) { - ret = samdb_replace(ldb, mem_ctx, mod_msg); + ret = dsdb_replace(ldb, mod_msg, 0); } } if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) { diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 8009f9c06a..2f4ebe0557 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -379,7 +379,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, if (NT_STATUS_IS_OK(status)) { /* modify the samdb record */ - ret = samdb_replace(samdb, mem_ctx, msg); + ret = dsdb_replace(samdb, msg, 0); if (ret != 0) { DEBUG(2,("Failed to modify record to set password on %s: %s\n", ldb_dn_get_linearized(msg->dn), diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index e60d45e316..5abe88bb89 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -331,7 +331,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J return NT_STATUS_NO_MEMORY; } - rtn = samdb_replace(remote_ldb, tmp_ctx, msg); + rtn = dsdb_replace(remote_ldb, msg, 0); if (rtn != 0) { r->out.error_string = talloc_asprintf(r, diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index e7066ecfd2..e9db4a909c 100644 --- a/source4/libnet/libnet_samsync_ldb.c 
+++ b/source4/libnet/libnet_samsync_ldb.c @@ -222,7 +222,7 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx, /* TODO: Account lockout, password properties */ - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret) { return NT_STATUS_INTERNAL_ERROR; @@ -454,7 +454,7 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx, } } } else { - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s", ldb_dn_get_linearized(msg->dn), @@ -593,7 +593,7 @@ static NTSTATUS samsync_ldb_handle_group(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s", ldb_dn_get_linearized(msg->dn), @@ -708,7 +708,7 @@ static NTSTATUS samsync_ldb_handle_group_member(TALLOC_CTX *mem_ctx, talloc_free(msgs); } - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s", ldb_dn_get_linearized(msg->dn), @@ -807,7 +807,7 @@ static NTSTATUS samsync_ldb_handle_alias(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_DB_CORRUPTION; } } else { - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s", ldb_dn_get_linearized(msg->dn), 
@@ -926,7 +926,7 @@ static NTSTATUS samsync_ldb_handle_alias_member(TALLOC_CTX *mem_ctx, talloc_free(msgs); } - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s", ldb_dn_get_linearized(msg->dn), @@ -970,7 +970,7 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx, account->privilege_name[i].string); } - ret = samdb_replace(state->pdb, mem_ctx, msg); + ret = dsdb_replace(state->pdb, msg, 0); if (ret == LDB_ERR_NO_SUCH_OBJECT) { if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) { talloc_free(msg); @@ -1028,7 +1028,7 @@ static NTSTATUS samsync_ldb_delete_account(TALLOC_CTX *mem_ctx, samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, "privilege"); - ret = samdb_replace(state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(state->sam_ldb, msg, 0); if (ret != 0) { *error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s", ldb_dn_get_linearized(msg->dn)); diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c index feaa1a0e12..33632aa0fc 100644 --- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c +++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c @@ -389,7 +389,7 @@ static WERROR sptr_SetPrintServerForm(struct ntptr_GenericHandle *server, TALLOC return WERR_UNKNOWN_LEVEL; } - ret = samdb_replace(sptr_db, mem_ctx, msg); + ret = dsdb_replace(sptr_db, msg, 0); if (ret != 0) { return WERR_FOOBAR; } diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index ed984f981e..53526ce15c 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c 
@@ -2632,7 +2632,7 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_ } /* modify the samdb record */ - ret = samdb_replace(secret_state->sam_ldb, mem_ctx, msg); + ret = dsdb_replace(secret_state->sam_ldb, msg, 0); if (ret != LDB_SUCCESS) { /* we really need samdb.c to return NTSTATUS */ return NT_STATUS_UNSUCCESSFUL; diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index fb2601ab2f..f47f608527 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1200,7 +1200,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg, "operatingSystemVersion"); - if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) { + if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) { DEBUG(3,("Impossible to update samdb: %s\n", ldb_errstring(sam_ctx))); } @@ -1262,7 +1262,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal ); } - if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) { + if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) { DEBUG(3,("Impossible to update samdb: %s\n", ldb_errstring(sam_ctx))); } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 76f35ddefb..61a9f1350b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1415,7 +1415,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL } /* modify the samdb record */ - ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg); + ret = dsdb_replace(a_state->sam_ctx, msg, 0); if (ret != LDB_SUCCESS) { DEBUG(0,("Failed to modify account record %s to set userAccountControl: %s\n", ldb_dn_get_linearized(msg->dn), diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 1ed1dd1b69..1a09283ea6 100644 
--- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -153,7 +153,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, /* The above call only setup the modifications, this actually * makes the write to the database. */ - ret = samdb_replace(sam_ctx, mem_ctx, msg); + ret = dsdb_replace(sam_ctx, msg, 0); if (ret != LDB_SUCCESS) { DEBUG(2,("Failed to modify record to change password on %s: %s\n", ldb_dn_get_linearized(a_state->account_dn), @@ -310,7 +310,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, /* The above call only setup the modifications, this actually * makes the write to the database. */ - ret = samdb_replace(sam_ctx, mem_ctx, mod); + ret = dsdb_replace(sam_ctx, mod, 0); if (ret != LDB_SUCCESS) { DEBUG(2,("Failed to modify record to change password on %s: %s\n", ldb_dn_get_linearized(user_dn), @@ -473,9 +473,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, /* The above call only setup the modifications, this actually * makes the write to the database. */ - ret = samdb_replace(sam_ctx, mem_ctx, mod); + ret = dsdb_replace(sam_ctx, mod, 0); if (ret != LDB_SUCCESS) { - DEBUG(2,("samdb_replace failed to change password for %s: %s\n", + DEBUG(2,("dsdb_replace failed to change password for %s: %s\n", ldb_dn_get_linearized(user_dn), ldb_errstring(sam_ctx))); status = NT_STATUS_UNSUCCESSFUL; |