mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s4-dsdb: fixed the check_optional_feature() call
the dsdb_check_optional_feature() call should look on our own NTDS DN for the enabled feature. This should work for all features, not just for forest wide fetaures. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
ceb831c2cc
commit
365f705345
@ -652,8 +652,16 @@ int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
|
|||||||
return LDB_SUCCESS;
|
return LDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
|
/*
|
||||||
struct GUID op_feature_guid, bool *feature_enabled)
|
check if an optional feature is enabled on our own NTDS DN
|
||||||
|
|
||||||
|
Note that features can be marked as enabled in more than one
|
||||||
|
place. For example, the recyclebin feature is marked as enabled both
|
||||||
|
on the CN=Partitions,CN=Configurration object and on the NTDS DN of
|
||||||
|
each DC in the forest. It seems likely that it is the job of the KCC
|
||||||
|
to propogate between the two
|
||||||
|
*/
|
||||||
|
int dsdb_check_optional_feature(struct ldb_module *module, struct GUID op_feature_guid, bool *feature_enabled)
|
||||||
{
|
{
|
||||||
TALLOC_CTX *tmp_ctx;
|
TALLOC_CTX *tmp_ctx;
|
||||||
struct ldb_context *ldb = ldb_module_get_ctx(module);
|
struct ldb_context *ldb = ldb_module_get_ctx(module);
|
||||||
@ -664,33 +672,35 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
|
|||||||
int ret;
|
int ret;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
struct ldb_message_element *el;
|
struct ldb_message_element *el;
|
||||||
|
struct ldb_dn *feature_dn;
|
||||||
|
|
||||||
|
feature_dn = samdb_ntds_settings_dn(ldb_module_get_ctx(module));
|
||||||
|
if (feature_dn == NULL) {
|
||||||
|
return ldb_operr(ldb_module_get_ctx(module));
|
||||||
|
}
|
||||||
|
|
||||||
*feature_enabled = false;
|
*feature_enabled = false;
|
||||||
|
|
||||||
tmp_ctx = talloc_new(ldb);
|
tmp_ctx = talloc_new(ldb);
|
||||||
|
|
||||||
ret = ldb_search(ldb, tmp_ctx, &res,
|
ret = dsdb_module_search_dn(module, tmp_ctx, &res, feature_dn, attrs, DSDB_FLAG_NEXT_MODULE, NULL);
|
||||||
scope, LDB_SCOPE_BASE, attrs,
|
|
||||||
NULL);
|
|
||||||
if (ret != LDB_SUCCESS) {
|
if (ret != LDB_SUCCESS) {
|
||||||
ldb_asprintf_errstring(ldb,
|
ldb_asprintf_errstring(ldb,
|
||||||
"Could no find the scope object - dn: %s\n",
|
"Could not find the feature object - dn: %s\n",
|
||||||
ldb_dn_get_linearized(scope));
|
ldb_dn_get_linearized(feature_dn));
|
||||||
talloc_free(tmp_ctx);
|
talloc_free(tmp_ctx);
|
||||||
return LDB_ERR_OPERATIONS_ERROR;
|
return LDB_ERR_OPERATIONS_ERROR;
|
||||||
}
|
}
|
||||||
if (res->msgs[0]->num_elements > 0) {
|
if (res->msgs[0]->num_elements > 0) {
|
||||||
|
const char *attrs2[] = {"msDS-OptionalFeatureGUID", NULL};
|
||||||
|
|
||||||
el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
|
el = ldb_msg_find_element(res->msgs[0],"msDS-EnabledFeature");
|
||||||
|
|
||||||
attrs[0] = "msDS-OptionalFeatureGUID";
|
|
||||||
|
|
||||||
for (i=0; i<el->num_values; i++) {
|
for (i=0; i<el->num_values; i++) {
|
||||||
search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
|
search_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
|
||||||
|
|
||||||
ret = ldb_search(ldb, tmp_ctx, &res,
|
ret = dsdb_module_search_dn(module, tmp_ctx, &res,
|
||||||
search_dn, LDB_SCOPE_BASE, attrs,
|
search_dn, attrs2, DSDB_FLAG_NEXT_MODULE, NULL);
|
||||||
NULL);
|
|
||||||
if (ret != LDB_SUCCESS) {
|
if (ret != LDB_SUCCESS) {
|
||||||
ldb_asprintf_errstring(ldb,
|
ldb_asprintf_errstring(ldb,
|
||||||
"Could no find object dn: %s\n",
|
"Could no find object dn: %s\n",
|
||||||
@ -701,7 +711,7 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct ldb_dn *scope,
|
|||||||
|
|
||||||
search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
|
search_guid = samdb_result_guid(res->msgs[0], "msDS-OptionalFeatureGUID");
|
||||||
|
|
||||||
if (GUID_compare(&search_guid, &op_feature_guid) == 0){
|
if (GUID_compare(&search_guid, &op_feature_guid) == 0) {
|
||||||
*feature_enabled = true;
|
*feature_enabled = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -1007,22 +1017,17 @@ bool dsdb_module_am_administrator(struct ldb_module *module)
|
|||||||
int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
|
int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
|
||||||
{
|
{
|
||||||
struct ldb_context *ldb = ldb_module_get_ctx(module);
|
struct ldb_context *ldb = ldb_module_get_ctx(module);
|
||||||
struct ldb_dn *partitions_dn;
|
|
||||||
struct GUID recyclebin_guid;
|
struct GUID recyclebin_guid;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
partitions_dn = samdb_partitions_dn(ldb, module);
|
|
||||||
|
|
||||||
GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
|
GUID_from_string(DS_GUID_FEATURE_RECYCLE_BIN, &recyclebin_guid);
|
||||||
|
|
||||||
ret = dsdb_check_optional_feature(module, partitions_dn, recyclebin_guid, enabled);
|
ret = dsdb_check_optional_feature(module, recyclebin_guid, enabled);
|
||||||
if (ret != LDB_SUCCESS) {
|
if (ret != LDB_SUCCESS) {
|
||||||
ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
|
ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
|
||||||
talloc_free(partitions_dn);
|
|
||||||
return LDB_ERR_UNWILLING_TO_PERFORM;
|
return LDB_ERR_UNWILLING_TO_PERFORM;
|
||||||
}
|
}
|
||||||
|
|
||||||
talloc_free(partitions_dn);
|
|
||||||
return LDB_SUCCESS;
|
return LDB_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user