s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate
authorKamen Mazdrashki <kamenim@samba.org>
Fri, 7 Nov 2014 06:07:07 +0000 (07:07 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 15 Dec 2014 22:41:45 +0000 (11:41 +1300)
The tombstone_reanimate.c module is going to restore those attributes,
and it needs a way to propagate them to the DB.

Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
source4/dsdb/samdb/ldb_modules/samldb.c

index ec47cf595655b5b60545a023acd535b2a6118a29..96ffcd47655f1a582a3cb25b22187aea29de785f 100644 (file)
@@ -2444,6 +2444,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
        struct ldb_context *ldb;
        struct samldb_ctx *ac;
        struct ldb_message_element *el, *el2;
+       struct ldb_control *is_undelete;
        bool modified = false;
        int ret;
 
@@ -2454,6 +2455,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
 
        ldb = ldb_module_get_ctx(module);
 
+       /*
+        * we are going to need some special handling if in Undelete call.
+        * Since tombstone_reanimate module will restore certain attributes,
+        * we need to relax checks for: sAMAccountType, primaryGroupID
+        */
+       is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
+
        /* make sure that "objectSid" is not specified */
        el = ldb_msg_find_element(req->op.mod.message, "objectSid");
        if (el != NULL) {
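Review bot: The relaxation is keyed only on the presence of DSDB_CONTROL_RESTORE_TOMBSTONE_OID on the request, and nothing at the `ldb_request_get_control()` call establishes who attached that control. If a client-supplied modify can reach samldb with the OID still attached, the sAMAccountType rejection (third hunk) and the `samldb_prim_group_trigger()` call (fourth hunk) are both skipped for it; whether the control is filtered from untrusted requests before this module runs is not visible in the diff and should be confirmed. The added comment should record that trust assumption, for example `* The control is internal-only; it must have been stripped from any client request before this module runs.` It would also help to name there which module validates the restored sAMAccountType and primaryGroupID values, since the visible hunks leave no check on them in the undelete path. samldb_modify's body starts and ends outside this hunk.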
@@ -2463,12 +2471,14 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
                        return LDB_ERR_UNWILLING_TO_PERFORM;
                }
        }
-       /* make sure that "sAMAccountType" is not specified */
-       el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
-       if (el != NULL) {
-               ldb_set_errstring(ldb,
-                                 "samldb: sAMAccountType must not be specified!");
-               return LDB_ERR_UNWILLING_TO_PERFORM;
+       if (is_undelete == NULL) {
+               /* make sure that "sAMAccountType" is not specified */
+               el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
+               if (el != NULL) {
+                       ldb_set_errstring(ldb,
+                                         "samldb: sAMAccountType must not be specified!");
+                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               }
        }
        /* make sure that "isCriticalSystemObject" is not specified */
        el = ldb_msg_find_element(req->op.mod.message, "isCriticalSystemObject");
@@ -2512,11 +2522,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
                return ldb_operr(ldb);
        }
 
-       el = ldb_msg_find_element(ac->msg, "primaryGroupID");
-       if (el != NULL) {
-               ret = samldb_prim_group_trigger(ac);
-               if (ret != LDB_SUCCESS) {
-                       return ret;
+       if (is_undelete == NULL) {
+               el = ldb_msg_find_element(ac->msg, "primaryGroupID");
+               if (el != NULL) {
+                       ret = samldb_prim_group_trigger(ac);
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
                }
        }