summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c116
1 files changed, 114 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 6b5bd3d296..53acb77899 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -2,6 +2,7 @@
ldb database library
Copyright (C) Andrew Bartlett 2005
+ Copyright (C) Simo Sorce 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -127,6 +128,102 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
return ret;
}
+/* search */
+struct kludge_acl_async_context {
+
+ struct ldb_module *module;
+ void *up_context;
+ int (*up_callback)(struct ldb_context *, void *, struct ldb_async_result *);
+ int timeout;
+
+ enum user_is user_type;
+};
+
+static int kludge_acl_async_callback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
+{
+ struct kludge_acl_async_context *ac;
+ struct kludge_private_data *data;
+ int i;
+
+ if (!context || !ares) {
+ ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback"));
+ goto error;
+ }
+
+ ac = talloc_get_type(context, struct kludge_acl_async_context);
+ data = talloc_get_type(ac->module->private_data, struct kludge_private_data);
+
+ if (ares->type == LDB_REPLY_ENTRY
+ && data->password_attrs) /* if we are not initialized just get through */
+ {
+ switch (ac->user_type) {
+ case SYSTEM:
+ case ADMINISTRATOR:
+ break;
+ default:
+ /* remove password attributes */
+ for (i = 0; data->password_attrs[i]; i++) {
+ ldb_msg_remove_attr(ares->message, data->password_attrs[i]);
+ }
+ }
+ }
+
+ return ac->up_callback(ldb, ac->up_context, ares);
+
+error:
+ talloc_free(ares);
+ return LDB_ERR_OPERATIONS_ERROR;
+}
+
+static int kludge_acl_search_async(struct ldb_module *module, struct ldb_request *req)
+{
+ struct kludge_acl_async_context *ac;
+ struct ldb_request *down_req;
+ int ret;
+
+ req->async.handle = NULL;
+
+ ac = talloc(req, struct kludge_acl_async_context);
+ if (ac == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ac->module = module;
+ ac->up_context = req->async.context;
+ ac->up_callback = req->async.callback;
+ ac->timeout = req->async.timeout;
+ ac->user_type = what_is_user(module);
+
+ down_req = talloc_zero(req, struct ldb_request);
+ if (down_req == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ down_req->operation = req->operation;
+ down_req->op.search.base = req->op.search.base;
+ down_req->op.search.scope = req->op.search.scope;
+ down_req->op.search.tree = req->op.search.tree;
+ down_req->op.search.attrs = req->op.search.attrs;
+
+ down_req->controls = req->controls;
+ down_req->creds = req->creds;
+
+ down_req->async.context = ac;
+ down_req->async.callback = kludge_acl_async_callback;
+ down_req->async.timeout = req->async.timeout;
+
+ /* perform the search */
+ ret = ldb_next_request(module, down_req);
+
+ /* do not free down_req as the call results may be linked to it,
+ * it will be freed when the upper level request get freed */
+ if (ret == LDB_SUCCESS) {
+ req->async.handle = down_req->async.handle;
+ }
+
+ return ret;
+}
+
/* ANY change type */
static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req){
enum user_is user_type = what_is_user(module);
@@ -165,13 +262,28 @@ static int kludge_acl_request(struct ldb_module *module, struct ldb_request *req
{
switch (req->operation) {
+ case LDB_REQ_ADD:
+ case LDB_ASYNC_ADD:
+ case LDB_REQ_MODIFY:
+ case LDB_ASYNC_MODIFY:
+ case LDB_REQ_DELETE:
+ case LDB_ASYNC_DELETE:
+ case LDB_REQ_RENAME:
+ case LDB_ASYNC_RENAME:
+ return kludge_acl_change(module, req);
+
case LDB_REQ_SEARCH:
return kludge_acl_search(module, req);
+
+ case LDB_ASYNC_SEARCH:
+ return kludge_acl_search_async(module, req);
+
case LDB_REQ_REGISTER:
return ldb_next_request(module, req);
+
default:
- /* anything else must be a change of some kind */
- return kludge_acl_change(module, req);
+ /* anything else must be something new, let's throw an error */
+ return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
}