[PATCH 3/5] s4: Modify descriptor module to allow the use of recalculate_sd.

Matthieu Patou mat at matws.net
Thu Nov 26 09:41:29 MST 2009


  This control is used mostly by the upgrade script to ask
  ldb to recalculate the SD of an object as if it had just been created.
  The goal of this is to work around the poor SDs that S4 had before
---
 source4/dsdb/samdb/ldb_modules/descriptor.c |   15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index f9992e3..da80ee5 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -594,13 +594,13 @@ static int descriptor_do_mod(struct descriptor_context *ac)
 	const struct dsdb_class *objectclass;
 	struct ldb_message *msg;
 	struct ldb_control *sd_control;
+	struct ldb_control *sd_control2;
 	struct ldb_control **saved_controls;
 	int flags = 0;
 	uint32_t sd_flags = 0;
 
 	ldb = ldb_module_get_ctx(ac->module);
 	schema = dsdb_get_schema(ldb);
-
 	msg = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
 	objectclass_element = ldb_msg_find_element(ac->search_oc_res->message, "objectClass");
 	objectclass = get_last_structural_class(schema, objectclass_element);
@@ -611,6 +611,7 @@ static int descriptor_do_mod(struct descriptor_context *ac)
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	sd_control = ldb_request_get_control(ac->req, LDB_CONTROL_SD_FLAGS_OID);
+	sd_control2 = ldb_request_get_control(ac->req, LDB_CONTROL_RECALCULATE_SD_OID);
 	if (sd_control) {
 		struct ldb_sd_flags_control *sdctr = (struct ldb_sd_flags_control *)sd_control->data;
 		sd_flags = sdctr->secinfo_flags;
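Review bot: `sd_control2` does not say which control it holds, and in the visible hunks it is only ever tested for presence; a name such as `recalculate_sd_control`, or a `bool recalculate_sd = (... != NULL);`, would make the later `if (sd_control2)` self-explanatory. It is also not visible here whether the control is marked as handled before the request is passed down. If a caller sets it critical and no lower module knows the OID, the modify may be rejected, so this is worth confirming alongside how `sd_control` is treated. The `if (sd_control)` block continues outside the hunk.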
@@ -637,7 +638,11 @@ static int descriptor_do_mod(struct descriptor_context *ac)
 			return ret;
 		}
 		tmp_element = ldb_msg_find_element(msg, "ntSecurityDescriptor");
-		tmp_element->flags = flags;
+		if (sd_control2) {
+			tmp_element->flags = LDB_FLAG_MOD_REPLACE;
+		} else {
+			tmp_element->flags = flags;
+		}
 	}
 	ret = ldb_build_mod_req(&mod_req, ldb, ac,
 				msg,
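Review bot: The forced `LDB_FLAG_MOD_REPLACE` has no comment explaining why the caller's `flags` are ignored when the recalculate control is present. A reader cannot tell from here that, in that case, the request may carry no ntSecurityDescriptor element at all (descriptor_change now lets such requests through), so `flags` would presumably still be 0. I would add `/* recalculation requested: the computed SD must overwrite the stored one, regardless of the request's element flags */` above the `if`. The enclosing block starts before the hunk and the `ldb_build_mod_req` call runs past its end.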
@@ -679,7 +684,6 @@ static int descriptor_do_add(struct descriptor_context *ac)
 	if (mem_ctx == NULL) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
-
 	switch (ac->req->operation) {
 	case LDB_ADD:
 		msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
@@ -768,6 +772,7 @@ static int descriptor_do_add(struct descriptor_context *ac)
 static int descriptor_change(struct ldb_module *module, struct ldb_request *req)
 {
 	struct ldb_context *ldb;
+	struct ldb_control *sd_control;
 	struct ldb_request *search_req;
 	struct descriptor_context *ac;
 	struct ldb_dn *parent_dn, *dn;
@@ -784,7 +789,9 @@ static int descriptor_change(struct ldb_module *module, struct ldb_request *req)
 	case LDB_MODIFY:
 		dn = req->op.mod.message->dn;
 		sd_element = ldb_msg_find_element(req->op.mod.message, "nTSecurityDescriptor");
-		if (!sd_element) {
+		/* This control allow forcing the recalculation of the SD */
+		sd_control = ldb_request_get_control(req, LDB_CONTROL_RECALCULATE_SD_OID);
+		if (!sd_element && !sd_control) {
 			return ldb_next_request(module, req);
 		}
 		break;
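Review bot: The new `!sd_element && !sd_control` test sends any modify request carrying LDB_CONTROL_RECALCULATE_SD_OID into the descriptor rewrite path, and nothing visible in this hunk restricts who may send that control. Recalculating an SD as if the object were newly created discards the explicit ACEs it carried, and access checks that key on nTSecurityDescriptor being present in the message may not cover a request that has the control but no such element (not verifiable from this patch). Consider honouring the control only for trusted internal callers such as the upgrade script, for example with a check like `ldb_req_is_untrusted(req)` if this tree provides it, and rejecting or passing through other requests. The added comment should read `/* This control allows forcing the recalculation of the SD */`; descriptor_change's body continues outside the hunk.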
-- 
1.6.3.3


--------------050007020707060202060907
Content-Type: text/x-patch;
 name="0004-s4-make-get_xxx_descriptor-return-the-value-non-enco.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0004-s4-make-get_xxx_descriptor-return-the-value-non-enco.pa";
 filename*1="tch"


