From 79f22e5d700c5ffb6c0f0d64ad701558aa53bf57 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 12 Sep 2010 14:41:53 +0200 Subject: s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible. --- source4/dsdb/samdb/ldb_modules/samldb.c | 82 ++++++++++++++++----------------- 1 file changed, 41 insertions(+), 41 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules') diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e616295e3a..2c82445ba8 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1052,47 +1052,6 @@ static int samldb_member_check(struct samldb_ctx *ac) } -static int samldb_prim_group_users_check(struct samldb_ctx *ac) -{ - struct ldb_context *ldb; - struct dom_sid *sid; - uint32_t rid; - NTSTATUS status; - int count; - - ldb = ldb_module_get_ctx(ac->module); - - /* Finds out the SID/RID of the SAM object */ - sid = samdb_search_dom_sid(ldb, ac, ac->req->op.del.dn, "objectSID", - NULL); - if (sid == NULL) { - /* No SID - it might not be a SAM object - therefore ok */ - return LDB_SUCCESS; - } - status = dom_sid_split_rid(ac, sid, NULL, &rid); - if (!NT_STATUS_IS_OK(status)) { - return ldb_operr(ldb); - } - if (rid == 0) { - /* Special object (security principal?) */ - return LDB_SUCCESS; - } - - /* Deny delete requests from groups which are primary ones */ - count = samdb_search_count(ldb, NULL, - "(&(primaryGroupID=%u)(objectClass=user))", - rid); - if (count < 0) { - return ldb_operr(ldb); - } - if (count > 0) { - return LDB_ERR_ENTRY_ALREADY_EXISTS; - } - - return LDB_SUCCESS; -} - - /* add */ static int samldb_add(struct ldb_module *module, struct ldb_request *req) { @@ -1307,6 +1266,47 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) } /* delete */ + +static int samldb_prim_group_users_check(struct samldb_ctx *ac) +{ + struct ldb_context *ldb; + struct dom_sid *sid; + uint32_t rid; + NTSTATUS status; + int count; + + ldb = ldb_module_get_ctx(ac->module); + + /* Finds out the SID/RID of the SAM object */ + sid = samdb_search_dom_sid(ldb, ac, ac->req->op.del.dn, "objectSID", + NULL); + if (sid == NULL) { + /* No SID - it might not be a SAM object - therefore ok */ + return LDB_SUCCESS; + } + status = dom_sid_split_rid(ac, sid, NULL, &rid); + if (!NT_STATUS_IS_OK(status)) { + return ldb_operr(ldb); + } + if (rid == 0) { + /* Special object (security principal?) */ + return LDB_SUCCESS; + } + + /* Deny delete requests from groups which are primary ones */ + count = samdb_search_count(ldb, NULL, + "(&(primaryGroupID=%u)(objectClass=user))", + rid); + if (count < 0) { + return ldb_operr(ldb); + } + if (count > 0) { + return LDB_ERR_ENTRY_ALREADY_EXISTS; + } + + return LDB_SUCCESS; +} + static int samldb_delete(struct ldb_module *module, struct ldb_request *req) { struct samldb_ctx *ac; -- cgit