diff options
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 82 |
1 files changed, 54 insertions, 28 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 0e4d852d15..f3a9e08e72 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1093,11 +1093,11 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) } /* build the new msg */ - ac->msg = ldb_msg_copy(ac, ac->req->op.add.message); - if (!ac->msg) { + ac->msg = ldb_msg_copy_shallow(ac, req->op.add.message); + if (ac->msg == NULL) { talloc_free(ac); ldb_debug(ldb, LDB_DEBUG_FATAL, - "samldb_add: ldb_msg_copy failed!\n"); + "samldb_add: ldb_msg_copy_shallow failed!\n"); return ldb_operr(ldb); } @@ -1151,8 +1151,8 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct samldb_ctx *ac; - struct ldb_message *msg; struct ldb_message_element *el, *el2; + bool modified = false; int ret; uint32_t account_type; @@ -1182,101 +1182,127 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) return ldb_operr(ldb); } - /* TODO: do not modify original request, create a new one */ + /* build the new msg */ + ac->msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (ac->msg == NULL) { + talloc_free(ac); + ldb_debug(ldb, LDB_DEBUG_FATAL, + "samldb_modify: ldb_msg_copy_shallow failed!\n"); + return ldb_operr(ldb); + } - el = ldb_msg_find_element(req->op.mod.message, "groupType"); + el = ldb_msg_find_element(ac->msg, "groupType"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { uint32_t group_type; - req->op.mod.message = msg = ldb_msg_copy_shallow(req, - req->op.mod.message); + modified = true; group_type = strtoul((const char *)el->values[0].data, NULL, 0); account_type = ds_gtype2atype(group_type); - ret = samdb_msg_add_uint(ldb, msg, msg, + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, "sAMAccountType", account_type); if (ret != LDB_SUCCESS) { return ret; } - el2 = ldb_msg_find_element(msg, "sAMAccountType"); + el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); el2->flags = LDB_FLAG_MOD_REPLACE; } + el = ldb_msg_find_element(ac->msg, "groupType"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) { return LDB_ERR_UNWILLING_TO_PERFORM; } - el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID"); + el = ldb_msg_find_element(ac->msg, "primaryGroupID"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { - req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, - req->op.mod.message); + modified = true; ret = samldb_prim_group_change(ac); if (ret != LDB_SUCCESS) { return ret; } } + el = ldb_msg_find_element(ac->msg, "primaryGroupID"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) { return LDB_ERR_UNWILLING_TO_PERFORM; } - el = ldb_msg_find_element(req->op.mod.message, "userAccountControl"); + el = ldb_msg_find_element(ac->msg, "userAccountControl"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { uint32_t user_account_control; - req->op.mod.message = msg = ldb_msg_copy_shallow(req, - req->op.mod.message); + modified = true; user_account_control = strtoul((const char *)el->values[0].data, NULL, 0); account_type = ds_uf2atype(user_account_control); - ret = samdb_msg_add_uint(ldb, msg, msg, + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, "sAMAccountType", account_type); if (ret != LDB_SUCCESS) { return ret; } - el2 = ldb_msg_find_element(msg, "sAMAccountType"); + el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); el2->flags = LDB_FLAG_MOD_REPLACE; if (user_account_control & (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) { - ret = samdb_msg_add_string(ldb, msg, msg, - "isCriticalSystemObject", "TRUE"); + ret = samdb_msg_add_string(ldb, ac->msg, ac->msg, + "isCriticalSystemObject", + "TRUE"); if (ret != LDB_SUCCESS) { return ret; } - el2 = ldb_msg_find_element(msg, "isCriticalSystemObject"); + el2 = ldb_msg_find_element(ac->msg, + "isCriticalSystemObject"); el2->flags = LDB_FLAG_MOD_REPLACE; } - if (!ldb_msg_find_element(msg, "primaryGroupID")) { + if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) { uint32_t rid = ds_uf2prim_group_rid(user_account_control); - ret = samdb_msg_add_uint(ldb, msg, msg, + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, "primaryGroupID", rid); if (ret != LDB_SUCCESS) { return ret; } - el2 = ldb_msg_find_element(msg, + el2 = ldb_msg_find_element(ac->msg, "primaryGroupID"); el2->flags = LDB_FLAG_MOD_REPLACE; } } + el = ldb_msg_find_element(ac->msg, "userAccountControl"); if (el && (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE)) { return LDB_ERR_UNWILLING_TO_PERFORM; } - el = ldb_msg_find_element(req->op.mod.message, "member"); + el = ldb_msg_find_element(ac->msg, "member"); if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { - req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req, - req->op.mod.message); - ret = samldb_member_check(ac); if (ret != LDB_SUCCESS) { return ret; } } + if (modified) { + struct ldb_request *child_req; + + /* Now perform the real modifications as a child request */ + ret = ldb_build_mod_req(&child_req, ldb, ac, + ac->msg, + req->controls, + req, dsdb_next_callback, + req); + LDB_REQ_SET_LOCATION(child_req); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_next_request(module, child_req); + } + + talloc_free(ac); + + /* no change which interests us, go on */ return ldb_next_request(module, req); } |