mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified
This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
parent
8c01d6a837
commit
1352a9406f
@ -463,10 +463,12 @@ static bool check_rodc_ntdsdsa_add(struct oc_context *ac,
|
||||
|
||||
static int objectclass_do_add(struct oc_context *ac)
|
||||
{
|
||||
struct ldb_context *ldb;
|
||||
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
|
||||
struct ldb_request *add_req;
|
||||
struct ldb_message_element *objectclass_element, *el;
|
||||
struct ldb_message *msg;
|
||||
struct ldb_control *as_system = ldb_request_get_control(ac->req,
|
||||
LDB_CONTROL_AS_SYSTEM_OID);
|
||||
TALLOC_CTX *mem_ctx;
|
||||
struct class_list *sorted, *current;
|
||||
const char *rdn_name = NULL;
|
||||
@ -478,7 +480,9 @@ static int objectclass_do_add(struct oc_context *ac)
|
||||
bool found;
|
||||
int ret;
|
||||
|
||||
ldb = ldb_module_get_ctx(ac->module);
|
||||
if (as_system != NULL) {
|
||||
as_system->critical = 0;
|
||||
}
|
||||
|
||||
msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message);
|
||||
if (msg == NULL) {
|
||||
@ -577,7 +581,7 @@ static int objectclass_do_add(struct oc_context *ac)
|
||||
/* LSA-specific objectclasses per default not allowed */
|
||||
if (((strcmp(value, "secret") == 0) ||
|
||||
(strcmp(value, "trustedDomain") == 0)) &&
|
||||
!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
|
||||
!(dsdb_module_am_system(ac->module) || as_system)) {
|
||||
ldb_asprintf_errstring(ldb,
|
||||
"objectclass: object class '%s' is LSA-specific, rejecting creation of '%s'!",
|
||||
value,
|
||||
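Review bot: The LSA-class guard in the third hunk now passes whenever `as_system` is non-NULL, that is, on the mere presence of `LDB_CONTROL_AS_SYSTEM_OID` in `ac->req`. Nothing visible here establishes that the control was attached by trusted in-process code rather than arriving with the request. Where controls from remote requests are filtered is not shown in these hunks, so that should be confirmed and recorded above the check, for example `/* AS_SYSTEM is an internal-only control; it must never be accepted from a network client */`. Clearing `as_system->critical` in the second hunk also modifies the caller's request control in place, which deserves a one-line comment explaining why. objectclass_do_add starts and ends outside these hunks.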
|
@ -1056,7 +1056,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
|
||||
trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
|
||||
|
||||
/* create the trusted_domain */
|
||||
ret = dsdb_add(sam_ldb, msg, DSDB_MODIFY_RELAX);
|
||||
ret = dsdb_add(sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
|
||||
switch (ret) {
|
||||
case LDB_SUCCESS:
|
||||
break;
|
||||
@ -2949,7 +2949,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
|
||||
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
|
||||
|
||||
/* create the secret */
|
||||
ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_MODIFY_RELAX);
|
||||
ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_FLAG_AS_SYSTEM);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
DEBUG(0,("Failed to create secret record %s: %s\n",
|
||||
ldb_dn_get_linearized(msg->dn),
|
||||
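Review bot: Both `dsdb_add(..., DSDB_FLAG_AS_SYSTEM)` calls, in dcesrv_lsa_CreateTrustedDomain_base and dcesrv_lsa_CreateSecret, now ask the directory to treat the add as coming from the system. Presumably this means the caller's own rights are no longer evaluated by the database layers for these writes. That makes the RPC handlers the only place where the caller's authorization for creating a trusted domain or secret is enforced, and that check is not visible in either hunk. I would add a comment at each call naming it, such as `/* caller access already checked against the policy handle; add runs as SYSTEM */`, once that has been verified against the full functions. Both functions extend beyond the hunks shown.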
|