Also add error strings in descriptor module
const struct dsdb_class *last_class = NULL;
int i;
for (i = 0; i < element->num_values; i++){
const struct dsdb_class *last_class = NULL;
int i;
for (i = 0; i < element->num_values; i++){
last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
if (tmp_class->subClass_order > last_class->subClass_order)
last_class = tmp_class;
const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
if (tmp_class->subClass_order > last_class->subClass_order)
last_class = tmp_class;
struct dom_sid *default_owner;
struct dom_sid *default_group;
struct dom_sid *default_owner;
struct dom_sid *default_group;
user_descriptor = talloc(mem_ctx, struct security_descriptor);
if(!user_descriptor)
return NULL;
user_descriptor = talloc(mem_ctx, struct security_descriptor);
if(!user_descriptor)
return NULL;
talloc_free(user_descriptor);
return NULL;
}
talloc_free(user_descriptor);
return NULL;
}
user_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
user_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
if (parent){
parent_descriptor = talloc(mem_ctx, struct security_descriptor);
if (parent){
parent_descriptor = talloc(mem_ctx, struct security_descriptor);
ares->response, ares->error);
}
ares->response, ares->error);
}
+ ldb_reset_err_string(ldb);
+
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
objectclass_element = ldb_msg_find_element(msg, "objectClass");
objectclass = get_last_structural_class(schema, objectclass_element);
objectclass_element = ldb_msg_find_element(msg, "objectClass");
objectclass = get_last_structural_class(schema, objectclass_element);
+ if (!objectclass) {
+ ldb_asprintf_errstring(ldb, "No last structural objectclass found on %s", ldb_dn_get_linearized(msg->dn));
return LDB_ERR_OPERATIONS_ERROR;
return LDB_ERR_OPERATIONS_ERROR;
if (sd_element)
sd_val = &sd_element->values[0];
/* NC's have no parent */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
if (sd_element)
sd_val = &sd_element->values[0];
/* NC's have no parent */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0))
+ (ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
- else if (ac->search_res != NULL)
+ } else if (ac->search_res != NULL){
parentsd_val = ldb_msg_find_ldb_val(ac->search_res->message, "nTSecurityDescriptor");
parentsd_val = ldb_msg_find_ldb_val(ac->search_res->message, "nTSecurityDescriptor");
/* get the parent descriptor and the one provided. If not provided, get the default.*/
/* convert to security descriptor and calculate */
sd = get_new_descriptor(ac->module, msg->dn, mem_ctx, objectclass,
parentsd_val, sd_val);
/* get the parent descriptor and the one provided. If not provided, get the default.*/
/* convert to security descriptor and calculate */
sd = get_new_descriptor(ac->module, msg->dn, mem_ctx, objectclass,
parentsd_val, sd_val);
+ if (sd_val) {
+ ldb_msg_remove_attr(msg, "nTSecurityDescriptor");
+ }
+
- ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+ ret = ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
}
talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "No last structural objectclass found on %s", ldb_dn_get_linearized(msg->dn));
ares->response, ares->error);
}
ares->response, ares->error);
}
+ ldb_reset_err_string(ldb);
+
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
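Review bot: The error string added in the branch taken when `ldb_msg_sanity_check(ldb, msg)` fails is a copy of the one used for the missing-objectclass case, so a malformed message would be reported as "No last structural objectclass found on …". It also replaces any error string the sanity check itself may have recorded, which is the text someone diagnosing a rejected add with an nTSecurityDescriptor would need. I would either drop that line or name the real failure, e.g. `ldb_asprintf_errstring(ldb, "Message sanity check failed on %s", ldb_dn_get_linearized(msg->dn));`. Separately, the new `return ret;` after `ldb_msg_add_steal_value` leaves before the `talloc_free(mem_ctx)` that follows; where mem_ctx is allocated is not visible here, so confirm it is parented to something freed with the request, or free it before returning. The enclosing function begins and ends outside the lines shown.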