1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4-dsdb: fixed the check_optional_feature() call

the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Tridgell 2011-10-07 11:46:05 +11:00
parent ceb831c2cc
commit 365f705345

View File

@ -652,8 +652,16 @@ int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
return LDB_SUCCESS;
}
int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
struct GUID op_feature_guid, bool *feature_enabled)
/*
check if an optional feature is enabled on our own NTDS DN
Note that features can be marked as enabled in more than one
place. For example, the recyclebin feature is marked as enabled both
on the CN=Partitions,CN=Configurration object and on the NTDS DN of
each DC in the forest. It seems likely that it is the job of the KCC
to propogate between the two
*/
int dsdb_check_optional_feature(struct ldb_module *module, struct GUID op_feature_guid, bool *feature_enabled)
{
TALLOC_CTX *tmp_ctx;
struct ldb_context *ldb = ldb_module_get_ctx(module);
@ -664,33 +672,35 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
int ret;
unsigned int i;
struct ldb_message_element *el;
struct ldb_dn *feature_dn;
feature_dn = samdb_ntds_settings_dn(ldb_module_get_ctx(module));
if (feature_dn == NULL) {
return ldb_operr(ldb_module_get_ctx(module));
}
*feature_enabled = false;
tmp_ctx = talloc_new(ldb);
ret = ldb_search(ldb, tmp_ctx, &res,
scope, LDB_SCOPE_BASE, attrs,
NULL);
ret = dsdb_module_search_dn(module, tmp_ctx, &res, feature_dn, attrs, DSDB_FLAG_NEXT_MODULE, NULL);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb,
"Could no find the scope object - dn: %s\n",
ldb_dn_get_linearized(scope));
"Could not find the feature object - dn: %s\n",
ldb_dn_get_linearized(feature_dn));
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
}
if (res->msgs[0]->num_elements > 0) {
const char *attrs2[] = {"msDS-OptionalFeatureGUID", NULL};
el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
attrs[0] = "msDS-OptionalFeatureGUID";
for (i=0; i<el->num_values; i++) {
search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
ret = ldb_search(ldb, tmp_ctx, &res,
search_dn, LDB_SCOPE_BASE, attrs,
NULL);
ret = dsdb_module_search_dn(module, tmp_ctx, &res,
search_dn, attrs2, DSDB_FLAG_NEXT_MODULE, NULL);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb,
"Could no find object dn: %s\n",
@ -701,7 +711,7 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
if (GUID_compare(&search_guid, &op_feature_guid) == 0){
if (GUID_compare(&search_guid, &op_feature_guid) == 0) {
*feature_enabled = true;
break;
}
@ -1007,22 +1017,17 @@ bool dsdb_module_am_administrator(struct ldb_module *module)
int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct ldb_dn *partitions_dn;
struct GUID recyclebin_guid;
int ret;
partitions_dn = samdb_partitions_dn(ldb, module);
GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
ret = dsdb_check_optional_feature(module, partitions_dn, recyclebin_guid, enabled);
ret = dsdb_check_optional_feature(module, recyclebin_guid, enabled);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
talloc_free(partitions_dn);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
talloc_free(partitions_dn);
return LDB_SUCCESS;
}