From d5737f95402a2e6166d2e09ae5cbb3c57b4f66e5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 Nov 2012 17:59:45 +0100 Subject: [PATCH] HACK LDB_CONTROL_RECALCULATE_SD_OID, --- source4/dsdb/samdb/ldb_modules/descriptor.c | 28 +++++++++++++++------ 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 46f83904f283..e6668bfee6d0 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -698,17 +698,27 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) old_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor"); } + if ((sd_recalculate_control != NULL) && + (sd_recalculate_control->data != NULL)) + { + if (user_sd != NULL) { + return ldb_error(ldb, ret, + "descriptor_modify: RECALCULATE_SD with given value rejected"); + } + + sd_flags = 0x0000000F; + old_sd = NULL; + user_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor"); + } + sd = get_new_descriptor(module, dn, state, objectclass, parent_sd, user_sd, old_sd, sd_flags); msg = ldb_msg_copy_shallow(state, req->op.mod.message); if (sd != NULL) { struct ldb_message_element *sd_element; - if (user_sd != NULL) { - sd_element = ldb_msg_find_element(msg, - "nTSecurityDescriptor"); - sd_element->values[0] = *sd; - } else if (sd_recalculate_control != NULL) { + + if (sd_recalculate_control != NULL) { /* In this branch we really do force the recalculation * of the SD */ ldb_msg_remove_attr(msg, "nTSecurityDescriptor"); @@ -723,6 +733,10 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) sd_element = ldb_msg_find_element(msg, "nTSecurityDescriptor"); sd_element->flags = LDB_FLAG_MOD_REPLACE; + } else if (user_sd != NULL) { + sd_element = ldb_msg_find_element(msg, + "nTSecurityDescriptor"); + sd_element->values[0] = *sd; } } 
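Review bot: The rejection path in the added block returns `ldb_error(ldb, ret, ...)`, but nothing in the hunk sets `ret` to a failure code first. If it still holds the result of an earlier successful call (its assignments are outside the hunk), the modify is abandoned while the caller is told it succeeded; pass an explicit code instead, for example `return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,`. The literal `sd_flags = 0x0000000F;` would read better as `SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL` (assuming those constants are visible in this file), which makes it clear that all four parts of the stored descriptor are re-fed as `user_sd`. This block also requires `sd_recalculate_control->data != NULL` while the later `if (sd_recalculate_control != NULL)` branch does not, so a control without data plus a supplied descriptor skips the rejection yet still takes the forced-replace path. descriptor_modify begins and ends outside the hunk.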
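Review bot: The relocated `else if (user_sd != NULL)` branch dereferences the result of `ldb_msg_find_element(msg, "nTSecurityDescriptor")` without a NULL check. After this patch `user_sd` can be non-NULL without the element being present in `msg`, because the recalculate path fills it from `current_res`. That is safe only while the `sd_recalculate_control` branch is tested first, and nothing records that ordering. Either add a comment such as `/* must follow the recalculate branch: there user_sd comes from the stored object, not from msg */` or guard the lookup with `if (sd_element == NULL) { return ldb_operr(ldb); }`. The enclosing function extends beyond the hunk.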
@@ -825,7 +839,7 @@ static int descriptor_modify_callback(struct ldb_request *mod_req, ret = ldb_request_add_control(sub_req, LDB_CONTROL_RECALCULATE_SD_OID, - true, NULL); + true, req); if (ret != LDB_SUCCESS) { talloc_free(ares); return ldb_module_done(req, NULL, NULL, @@ -1024,7 +1038,7 @@ static int descriptor_rename_callback(struct ldb_request *rename_req, ret = ldb_request_add_control(mod_req, LDB_CONTROL_RECALCULATE_SD_OID, - true, NULL); + true, req); if (ret != LDB_SUCCESS) { talloc_free(ares); return ldb_module_done(req, NULL, NULL, -- 2.34.1
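Review bot: Passing `req` as the control data in descriptor_modify_callback gives the control a payload whose only visible role in this patch is to be non-NULL, so that descriptor_modify can tell an internal recalculation from any other use of LDB_CONTROL_RECALCULATE_SD_OID. The same applies to the identical change in descriptor_rename_callback (the `@@ -1024` hunk). That non-NULL test now decides whether the stored descriptor is re-applied with all `sd_flags` bits set, so it is worth confirming outside this diff that a request from an untrusted client cannot carry this control with data attached. A comment at both call sites would help, e.g. `/* data is only a non-NULL marker for descriptor_modify(); this patch never dereferences it */`, or use a dedicated static marker object instead of the request pointer so nothing later mistakes it for an encodable value. Both callbacks start and end outside their hunks.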