From 69b7a87e98d3ecc937595c1a3cbd3c10abb9c652 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Sun, 19 Sep 2010 18:23:20 +0200 Subject: [PATCH] s4:show_deleted LDB module - also support the "show_recycled" control MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5 Signed-off-by: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/show_deleted.c | 73 ++++++++++++++++--- 1 file changed, 62 insertions(+), 11 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 34807cf4b2..5c5d726d86 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -4,6 +4,7 @@ Copyright (C) Simo Sorce 2005 Copyright (C) Stefan Metzmacher 2007 Copyright (C) Andrew Bartlett 2009 + Copyright (C) Matthias Dieter Wallnöfer 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,7 +25,8 @@ * * Component: ldb deleted objects control module * - * Description: this module hides deleted objects, and returns them if the right control is there + * Description: this module hides deleted and recylced objects, and returns + * them if the right control is there * * Author: Stefan Metzmacher */ @@ -37,7 +39,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; - struct ldb_control *control; + struct ldb_control *show_del, *show_rec; struct ldb_request *down_req; struct ldb_parse_tree *new_tree = req->op.search.tree; int ret; @@ -45,12 +47,18 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re ldb = ldb_module_get_ctx(module); /* check if there's a show deleted control */ - control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); + show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); + /* check if there's a show recycled control */ + show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID); - if (! control) { - /* FIXME: we could use a constant tree here once we - are sure that no ldb modules modify trees - in-situ */ + if ((show_del == NULL) && (show_rec == NULL)) { + /* Here we have to suppress all deleted objects: + * MS-ADTS 3.1.1.3.4.1 + * + * Filter: (&(!(isDeleted=TRUE))(...)) + */ + /* FIXME: we could use a constant tree here once we are sure + * that no ldb modules modify trees in-site */ new_tree = talloc(req, struct ldb_parse_tree); if (!new_tree) { return ldb_oom(ldb); @@ -61,6 +69,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re if (!new_tree->u.list.elements) { return ldb_oom(ldb); } + new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree); new_tree->u.list.elements[0]->operation = LDB_OP_NOT; new_tree->u.list.elements[0]->u.isnot.child = @@ -71,9 +80,41 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY; new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isDeleted"; new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE"); + + new_tree->u.list.elements[1] = req->op.search.tree; + } else if ((show_del != NULL) && (show_rec == NULL)) { + /* Here we need to suppress all recycled objects: + * MS-ADTS 3.1.1.3.4.1 + * + * Filter: (&(!(isRecycled=TRUE))(...)) + */ + /* FIXME: we could use a constant tree here once we are sure + * that no ldb modules modify trees in-site */ + new_tree = talloc(req, struct ldb_parse_tree); + if (!new_tree) { + return ldb_oom(ldb); + } + new_tree->operation = LDB_OP_AND; + new_tree->u.list.num_elements = 2; + new_tree->u.list.elements = talloc_array(new_tree, struct ldb_parse_tree *, 2); + if (!new_tree->u.list.elements) { + return ldb_oom(ldb); + } + + new_tree->u.list.elements[0] = talloc(new_tree->u.list.elements, struct ldb_parse_tree); + new_tree->u.list.elements[0]->operation = LDB_OP_NOT; + new_tree->u.list.elements[0]->u.isnot.child = + talloc(new_tree->u.list.elements, struct ldb_parse_tree); + if (!new_tree->u.list.elements[0]->u.isnot.child) { + return ldb_oom(ldb); + } + new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY; + new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = "isRecycled"; + new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE"); + new_tree->u.list.elements[1] = req->op.search.tree; } - + ret = ldb_build_search_req_ex(&down_req, ldb, req, req->op.search.base, req->op.search.scope, @@ -87,9 +128,12 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re return ret; } - /* mark the control as done */ - if (control) { - control->critical = 0; + /* mark the controls as done */ + if (show_del != NULL) { + show_del->critical = 0; + } + if (show_rec != NULL) { + show_rec->critical = 0; } /* perform the search */ @@ -110,6 +154,13 @@ static int show_deleted_init(struct ldb_module *module) return ldb_operr(ldb); } + ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_RECYCLED_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(ldb, LDB_DEBUG_ERROR, + "show_deleted: Unable to register control with rootdse!\n"); + return ldb_operr(ldb); + } + return ldb_next_init(module); } -- 2.34.1