From 7685bbbc4ea2ffc522a1582a561477dad2c862b2 Mon Sep 17 00:00:00 2001
From: Kamen Mazdrashki
Date: Fri, 18 Dec 2009 18:14:38 +0200
Subject: s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEM

This function is intended to be used when data needs to be modified skipping access checks.

Signed-off-by: Andrew Tridgell
---
 source4/dsdb/common/util.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
(limited to 'source4/dsdb')
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 4f7ddde14c..561edff94c 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1022,6 +1022,55 @@ static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
 return ret;
 }
+/*
+ * replace elements in a record using LDB_CONTROL_AS_SYSTEM
+ * used to skip access checks on operations
+ * that are performed by the system
+ */
+int samdb_replace_as_system(struct ldb_context *sam_ldb,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg)
+{
+ int i;
+ int ldb_ret;
+ struct ldb_request *req = NULL;
+
+ /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+ for (i=0;inum_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+
+ ldb_ret = ldb_msg_sanity_check(sam_ldb, msg);
+ if (ldb_ret != LDB_SUCCESS) {
+ return ldb_ret;
+ }
+
+ ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx,
+ msg,
+ NULL,
+ NULL,
+ ldb_op_default_callback,
+ NULL);
+
+ if (ldb_ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ldb_ret;
+ }
+
+ ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
+ if (ldb_ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ldb_ret;
+ }
+
+ /* do request and auto start a transaction */
+ ldb_ret = dsdb_autotransaction_request(sam_ldb, req);
+
+ talloc_free(req);
+ return ldb_ret;
+}
+
 /* return a default security descriptor */
-- cgit
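Review bot: The header comment on `samdb_replace_as_system` does not state the caller's obligation, although the function is exported (not `static`) and submits whatever `msg` it is handed with `LDB_CONTROL_AS_SYSTEM_OID` attached, i.e. with access checks skipped. I would extend the comment with a line such as `callers must have authorised the change themselves; msg->dn and the element values must not come from an unchecked client request`, so that a later caller does not turn this helper into an ACL bypass. The comment should also say that the loop overwrites `flags` on every element of the caller's `msg` in place, which a caller that reuses the message afterwards would not expect. Minor: `i` is declared `int` but is compared against the message's element count, which appears to be an unsigned field in ldb; `unsigned int i;` would avoid the mixed-sign comparison.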