[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Thu Nov 25 05:06:03 MST 2010


The branch, master has been updated
       via  ae61408 s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects
      from  fc1da86 s4-tests: Modified speedtest.py to use samba.tests.delete_force

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ae61408e2f198ada294a826e375f0f4a1e7da3d6
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Thu Nov 25 09:33:47 2010 +0100

    s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects
    
    Tridge pointed out that it is too dangerous to allow them to be created
    with SYSTEM permissions. The solution using the "untrusted" flag should
    be much more viable.
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c |    8 +-------
 source4/rpc_server/lsa/dcesrv_lsa.c          |    4 ++--
 2 files changed, 3 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index d69c3f4..21f3164 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -467,8 +467,6 @@ static int objectclass_do_add(struct oc_context *ac)
 	struct ldb_request *add_req;
 	struct ldb_message_element *objectclass_element, *el;
 	struct ldb_message *msg;
-	struct ldb_control *as_system = ldb_request_get_control(ac->req,
-								LDB_CONTROL_AS_SYSTEM_OID);
 	TALLOC_CTX *mem_ctx;
 	struct class_list *sorted, *current;
 	const char *rdn_name = NULL;
@@ -480,10 +478,6 @@ static int objectclass_do_add(struct oc_context *ac)
 	bool found;
 	int ret;
 
-	if (as_system != NULL) {
-		as_system->critical = 0;
-	}
-
 	msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
 	if (msg == NULL) {
 		return ldb_module_oom(ac->module);
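Review bot: With the `as_system->critical = 0` block removed near the top of objectclass_do_add, this module no longer clears the critical bit on an LDB_CONTROL_AS_SYSTEM_OID control attached to an add request. Please confirm that any remaining caller that attaches this control has another module mark it as handled, since an unhandled critical control causes the request to be rejected. A sentence on this in the commit message would settle it.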
@@ -581,7 +575,7 @@ static int objectclass_do_add(struct oc_context *ac)
 			/* LSA-specific objectclasses per default not allowed */
 			if (((strcmp(value, "secret") == 0) ||
 			     (strcmp(value, "trustedDomain") == 0)) &&
-			    !(dsdb_module_am_system(ac->module) || as_system)) {
+			    ldb_req_is_untrusted(ac->req)) {
 				ldb_asprintf_errstring(ldb,
 						       "objectclass: object class '%s' is LSA-specific, rejecting creation of '%s'!",
 						       value,
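Review bot: The comment above this check, "LSA-specific objectclasses per default not allowed", no longer describes the condition. After this change, creation of "secret" and "trustedDomain" objects is refused only when ldb_req_is_untrusted(ac->req) is true, and the caller's identity is no longer consulted, because the dsdb_module_am_system() test is gone. Suggest rewording the comment to say that only requests marked untrusted are rejected, and naming where that mark is set, so a reader can verify that every externally reachable entry point sets it. The error string could likewise mention that the request was untrusted.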
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 1b55824..4cb5da2 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1056,7 +1056,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
 	trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
 
 	/* create the trusted_domain */
-	ret = dsdb_add(sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
+	ret = ldb_add(sam_ldb, msg);
 	switch (ret) {
 	case  LDB_SUCCESS:
 		break;
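Review bot: Missing documentation at the `ldb_add(sam_ldb, msg)` call: with DSDB_FLAG_AS_SYSTEM dropped, the add runs under whatever session sam_ldb was opened with, and that is not visible in this hunk. Suggest extending the `/* create the trusted_domain */` comment to state which credentials the handle carries and that the objectclass module accepts this add only because the request is not marked untrusted. Please also confirm that the caller's right to create a trusted domain is checked before this point, since that check is not in the visible lines.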
@@ -2949,7 +2949,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 	secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
 
 	/* create the secret */
-	ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
+	ret = ldb_add(secret_state->sam_ldb, msg);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,("Failed to create secret record %s: %s\n",
 			 ldb_dn_get_linearized(msg->dn), 
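Review bot: In dcesrv_lsa_CreateSecret the failure branch after `ldb_add(secret_state->sam_ldb, msg)` logs at DEBUG(0, ...) for every non-success result. Now that the add is no longer forced through as system, a refusal may be an ordinary outcome rather than an internal error. Consider handling an access-rights failure separately, with a lower debug level and an access-denied status, instead of treating it like every other failure. The rest of the branch is cut off in this mail, so disregard this if it is already done.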


-- 
Samba Shared Repository

