From 89a0fb503d0fcf3f6243b4ae4cd03319d7668fc9 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Fri, 22 Jan 2010 13:38:51 -0600 Subject: [PATCH] s4:dsdb - Let LDB modules consume LDB_CONTROL_AS_SYSTEM_OID and DSDB_CONTROL_DN_STORAGE_FORMAT_OID controls. --- source4/dsdb/samdb/ldb_modules/acl.c | 28 ++++++++++++++++++++++ source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 7 +++++ 2 files changed, 35 insertions(+), 0 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index a779821..de081b5 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -698,6 +698,13 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req) struct object_tree *root = NULL; struct object_tree *new_node = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + struct ldb_control **saved_controls; + + /* Remove the as_system control, so we don't confuse a backend server */ + if (as_system && !save_controls(as_system, req, &saved_controls)) { + ldb_oom(ldb_module_get_ctx(module)); + return LDB_ERR_OPERATIONS_ERROR; + } if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); @@ -752,6 +759,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) struct security_descriptor *sd; struct dom_sid *sid = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + struct ldb_control **saved_controls; TALLOC_CTX *tmp_ctx = talloc_new(req); static const char *acl_attrs[] = { "nTSecurityDescriptor", @@ -760,6 +768,12 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) NULL }; + /* Remove the as_system control, so we don't confuse a backend server */ + if (as_system && !save_controls(as_system, req, &saved_controls)) { + ldb_oom(ldb_module_get_ctx(module)); + return LDB_ERR_OPERATIONS_ERROR; + } + /* Don't print this debug statement if elements[0].name is going to be NULL */ if(req->op.mod.message->num_elements > 0) { @@ -891,6 +905,13 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) struct ldb_dn *parent = ldb_dn_get_parent(req, req->op.del.dn); struct ldb_context *ldb; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + struct ldb_control **saved_controls; + + /* Remove the as_system control, so we don't confuse a backend server */ + if (as_system && !save_controls(as_system, req, &saved_controls)) { + ldb_oom(ldb_module_get_ctx(module)); + return LDB_ERR_OPERATIONS_ERROR; + } DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn))); if (dsdb_module_am_system(module) || as_system) { @@ -936,6 +957,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) struct object_tree *root = NULL; struct object_tree *new_node = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + struct ldb_control **saved_controls; TALLOC_CTX *tmp_ctx = talloc_new(req); NTSTATUS status; uint32_t access_granted; @@ -946,6 +968,12 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) NULL }; + /* Remove the as_system control, so we don't confuse a backend server */ + if (as_system && !save_controls(as_system, req, &saved_controls)) { + ldb_oom(ldb_module_get_ctx(module)); + return LDB_ERR_OPERATIONS_ERROR; + } + DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn))); if (dsdb_module_am_system(module) || as_system) { return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c index 2d0ee6a..c330e8f 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c @@ -552,6 +552,7 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request { struct ldb_control *control; struct ldb_control *storage_format_control; + struct ldb_control **saved_controls; struct ldb_extended_dn_control *extended_ctrl = NULL; struct extended_search_context *ac; struct ldb_request *down_req; @@ -583,6 +584,12 @@ static int extended_dn_out_search(struct ldb_module *module, struct ldb_request } } + /* Remove the storage_format control, so we don't confuse a backend server */ + if (storage_format_control && !save_controls(storage_format_control, req, &saved_controls)) { + ldb_oom(ldb_module_get_ctx(module)); + return LDB_ERR_OPERATIONS_ERROR; + } + ac = talloc_zero(req, struct extended_search_context); if (ac == NULL) { ldb_oom(ldb); -- 1.6.5.2