sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code

s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate

Browse Source 
tombstone_reanimate.c module is going to restore those attributes
and it needs a way to propagate them to DB

Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
Kamen Mazdrashki 2014-11-07 07:07:07 +01:00 committed by Andrew Bartlett
parent afd4b23dc9
commit 4c5c7d3c1c
1 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
source4/dsdb/samdb/ldb_modules/samldb.c
View File

@ -2781,6 +2781,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
struct ldb_context *ldb;
struct samldb_ctx *ac;
struct ldb_message_element *el, *el2;
struct ldb_control *is_undelete;
bool modified = false;
int ret;
@ -2791,6 +2792,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
ldb = ldb_module_get_ctx(module);
/*
* we are going to need some special handling if in Undelete call.
* Since tombstone_reanimate module will restore certain attributes,
* we need to relax checks for: sAMAccountType, primaryGroupID
*/
is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
/* make sure that "objectSid" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "objectSid");
if (el != NULL) {
@ -2800,12 +2808,14 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
}
/* make sure that "sAMAccountType" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
if (el != NULL) {
ldb_set_errstring(ldb,
"samldb: sAMAccountType must not be specified!");
return LDB_ERR_UNWILLING_TO_PERFORM;
if (is_undelete == NULL) {
/* make sure that "sAMAccountType" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
if (el != NULL) {
ldb_set_errstring(ldb,
"samldb: sAMAccountType must not be specified!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
}
/* make sure that "isCriticalSystemObject" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "isCriticalSystemObject");
@ -2849,11 +2859,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_operr(ldb);
}
el = ldb_msg_find_element(ac->msg, "primaryGroupID");
if (el != NULL) {
ret = samldb_prim_group_trigger(ac);
if (ret != LDB_SUCCESS) {
return ret;
if (is_undelete == NULL) {
el = ldb_msg_find_element(ac->msg, "primaryGroupID");
if (el != NULL) {
ret = samldb_prim_group_trigger(ac);
if (ret != LDB_SUCCESS) {
return ret;
}
}
}