s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor

author Andrew Tridgell <tridge@samba.org>

Wed, 16 Dec 2009 09:39:55 +0000 (20:39 +1100)

committer Andrew Tridgell <tridge@samba.org>

Wed, 16 Dec 2009 09:56:24 +0000 (20:56 +1100)
author Andrew Tridgell <tridge@samba.org>
Wed, 16 Dec 2009 09:39:55 +0000 (20:39 +1100)
committer Andrew Tridgell <tridge@samba.org>
Wed, 16 Dec 2009 09:56:24 +0000 (20:56 +1100)
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c

index 0ea4b798b46356d96209e326aa51d8d6f299d204..3b1b13faf51e9912b7722af1234431f40229bed6 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -214,7 +214,8 @@ static const struct {
  
  enum op_remove {
         OPERATIONAL_REMOVE_ALWAYS, /* remove always */
-       OPERATIONAL_REMOVE_UNASKED /* remove if not requested */
+       OPERATIONAL_REMOVE_UNASKED,/* remove if not requested */
+       OPERATIONAL_SD_FLAGS       /* show if SD_FLAGS_OID set, or asked for */
  };
  
  /*
@@ -225,7 +226,7 @@ static const struct {
         const char *attr;
         enum op_remove op;
  } operational_remove[] = {
-       { "nTSecurityDescriptor",    OPERATIONAL_REMOVE_UNASKED },
+       { "nTSecurityDescriptor",    OPERATIONAL_SD_FLAGS },
         { "parentGUID",              OPERATIONAL_REMOVE_ALWAYS  },
         { "replPropertyMetaData",    OPERATIONAL_REMOVE_UNASKED },
         { "unicodePwd",              OPERATIONAL_REMOVE_UNASKED },
@@ -244,7 +245,8 @@ static const struct {
  */
  static int operational_search_post_process(struct ldb_module *module,
                                            struct ldb_message *msg,
-                                          const char * const *attrs)
+                                          const char * const *attrs,
+                                          bool sd_flags_set)
  {
         struct ldb_context *ldb;
         int i, a=0;
@@ -253,18 +255,20 @@ static int operational_search_post_process(struct ldb_module *module,
  
         /* removed any attrs that should not be shown to the user */
         for (i=0; i<ARRAY_SIZE(operational_remove); i++) {
-               struct ldb_message_element *el;
-
                 switch (operational_remove[i].op) {
                 case OPERATIONAL_REMOVE_UNASKED:
                         if (ldb_attr_in_list(attrs, operational_remove[i].attr)) {
                                 continue;
                         }
                 case OPERATIONAL_REMOVE_ALWAYS:
-                       el = ldb_msg_find_element(msg, operational_remove[i].attr);
-                       if (el) {
-                               ldb_msg_remove_element(msg, el);
+                       ldb_msg_remove_attr(msg, operational_remove[i].attr);
+                       break;
+               case OPERATIONAL_SD_FLAGS:
+                       if (sd_flags_set ||
+                           ldb_attr_in_list(attrs, operational_remove[i].attr)) {
+                               continue;
                         }
+                       ldb_msg_remove_attr(msg, operational_remove[i].attr);
                         break;
                 }
         }
@@ -321,6 +325,7 @@ struct operational_context {
         struct ldb_request *req;
  
         const char * const *attrs;
+       bool sd_flags_set;
  };
  
  static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
@@ -344,8 +349,9 @@ static int operational_callback(struct ldb_request *req, struct ldb_reply *ares)
                 /* for each record returned post-process to add any derived
                    attributes that have been asked for */
                 ret = operational_search_post_process(ac->module,
-                                                       ares->message,
-                                                       ac->attrs);
+                                                     ares->message,
+                                                     ac->attrs,
+                                                     ac->sd_flags_set);
                 if (ret != 0) {
                         return ldb_module_done(ac->req, NULL, NULL,
                                                 LDB_ERR_OPERATIONS_ERROR);
@@ -432,6 +438,9 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req
                 }
         }
  
+       /* remember if the SD_FLAGS_OID was set */
+       ac->sd_flags_set = (ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID) != NULL);
+
         ret = ldb_build_search_req_ex(&down_req, ldb, ac,
                                         req->op.search.base,
                                         req->op.search.scope,
author	Andrew Tridgell <tridge@samba.org>
	Wed, 16 Dec 2009 09:39:55 +0000 (20:39 +1100)
committer	Andrew Tridgell <tridge@samba.org>
	Wed, 16 Dec 2009 09:56:24 +0000 (20:56 +1100)