summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c62
1 files changed, 15 insertions, 47 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index a876346b60..a764d69aaf 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -56,6 +56,7 @@ struct descriptor_context {
struct ldb_val *parentsd_val;
struct ldb_message_element *sd_element;
struct ldb_val *sd_val;
+ uint32_t sd_flags;
int (*step_fn)(struct descriptor_context *);
};
@@ -384,12 +385,10 @@ static struct descriptor_context *descriptor_init_context(struct ldb_module *mod
static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply *ares)
{
struct descriptor_context *ac;
- struct ldb_control *sd_control;
struct ldb_val *sd_val = NULL;
struct ldb_message_element *sd_el;
DATA_BLOB *show_sd;
int ret;
- uint32_t sd_flags = 0;
ac = talloc_get_type(req->context, struct descriptor_context);
@@ -402,30 +401,16 @@ static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply
ares->response, ares->error);
}
- sd_control = ldb_request_get_control(ac->req, LDB_CONTROL_SD_FLAGS_OID);
- if (sd_control) {
- struct ldb_sd_flags_control *sdctr = (struct ldb_sd_flags_control *)sd_control->data;
- sd_flags = sdctr->secinfo_flags;
- /* we only care for the last 4 bits */
- sd_flags = sd_flags & 0x0000000F;
- if (sd_flags == 0) {
- /* MS-ADTS 3.1.1.3.4.1.11 says that no bits
- equals all 4 bits */
- sd_flags = 0xF;
- }
- }
-
switch (ares->type) {
case LDB_REPLY_ENTRY:
- if (sd_flags != 0) {
- sd_el = ldb_msg_find_element(ares->message, "nTSecurityDescriptor");
- if (sd_el) {
- sd_val = sd_el->values;
- }
+ sd_el = ldb_msg_find_element(ares->message, "nTSecurityDescriptor");
+ if (sd_el) {
+ sd_val = sd_el->values;
}
+
if (sd_val) {
show_sd = descr_get_descriptor_to_show(ac->module, ac->req,
- sd_val, sd_flags);
+ sd_val, ac->sd_flags);
if (!show_sd) {
ret = LDB_ERR_OPERATIONS_ERROR;
goto fail;
@@ -468,6 +453,7 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
static const char * const parent_attrs[] = { "nTSecurityDescriptor", NULL };
uint32_t instanceType;
bool isNC = false;
+ uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
ldb = ldb_module_get_ctx(module);
dn = req->op.add.message->dn;
@@ -583,7 +569,7 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb;
- struct ldb_control *sd_recalculate_control, *sd_flags_control;
+ struct ldb_control *sd_recalculate_control;
struct ldb_request *mod_req;
struct ldb_message *msg;
struct ldb_result *current_res, *parent_res;
@@ -593,7 +579,8 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
struct ldb_dn *parent_dn, *dn;
struct ldb_message_element *objectclass_element;
int ret;
- uint32_t instanceType, sd_flags = 0;
+ uint32_t instanceType;
+ uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
const struct dsdb_schema *schema;
DATA_BLOB *sd;
const struct dsdb_class *objectclass;
@@ -657,7 +644,6 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
}
parent_sd = ldb_msg_find_ldb_val(parent_res->msgs[0], "nTSecurityDescriptor");
}
- sd_flags_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID);
schema = dsdb_get_schema(ldb, req);
@@ -672,15 +658,7 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_operr(ldb);
}
- if (sd_flags_control) {
- struct ldb_sd_flags_control *sdctr = (struct ldb_sd_flags_control *)sd_flags_control->data;
- sd_flags = sdctr->secinfo_flags;
- /* we only care for the last 4 bits */
- sd_flags = sd_flags & 0x0000000F;
- }
- if (sd_flags != 0) {
- old_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor");
- }
+ old_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor");
sd = get_new_descriptor(module, dn, req,
objectclass, parent_sd,
@@ -711,9 +689,6 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
}
/* mark the controls as non-critical since we've handled them */
- if (sd_flags_control != NULL) {
- sd_flags_control->critical = 0;
- }
if (sd_recalculate_control != NULL) {
sd_recalculate_control->critical = 0;
}
@@ -736,15 +711,11 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
{
int ret;
struct ldb_context *ldb;
- struct ldb_control *sd_control;
struct ldb_request *down_req;
struct descriptor_context *ac;
- bool show_sd = false;
-
- sd_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID);
- if (sd_control != NULL) {
- show_sd = true;
- }
+ bool explicit_sd_flags = false;
+ uint32_t sd_flags = dsdb_request_sd_flags(req, &explicit_sd_flags);
+ bool show_sd = explicit_sd_flags;
if (!show_sd &&
ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor"))
@@ -761,6 +732,7 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
if (ac == NULL) {
return ldb_operr(ldb);
}
+ ac->sd_flags = sd_flags;
ret = ldb_build_search_req_ex(&down_req, ldb, ac,
req->op.search.base,
@@ -774,10 +746,6 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
if (ret != LDB_SUCCESS) {
return ret;
}
- /* mark it as handled */
- if (sd_control) {
- sd_control->critical = 0;
- }
return ldb_next_request(ac->module, down_req);
}