diff options
-rw-r--r-- | source4/dsdb/common/util.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 4f7ddde14c..561edff94c 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1023,6 +1023,55 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb, } /* + * replace elements in a record using LDB_CONTROL_AS_SYSTEM + * used to skip access checks on operations + * that are performed by the system + */ +int samdb_replace_as_system(struct ldb_context *sam_ldb, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg) +{ + int i; + int ldb_ret; + struct ldb_request *req = NULL; + + /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + + ldb_ret = ldb_msg_sanity_check(sam_ldb, msg); + if (ldb_ret != LDB_SUCCESS) { + return ldb_ret; + } + + ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx, + msg, + NULL, + NULL, + ldb_op_default_callback, + NULL); + + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL); + if (ldb_ret != LDB_SUCCESS) { + talloc_free(req); + return ldb_ret; + } + + /* do request and auto start a transaction */ + ldb_ret = dsdb_autotransaction_request(sam_ldb, req); + + talloc_free(req); + return ldb_ret; +} + +/* return a default security descriptor */ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx) |