This allows for controls to be added easily where they are needed.
const char *attr_name)
{
/* we use an empty replace rather than a delete, as it allows for
- samdb_replace() to be used everywhere */
+ dsdb_replace() to be used everywhere */
return ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL);
}
return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, str);
}
-/*
- replace elements in a record
-*/
-int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
-{
- int i;
-
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<msg->num_elements;i++) {
- msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
- /* modify the samdb record */
- return ldb_modify(sam_ldb, msg);
-}
-
/*
* Handle ldb_request in transaction
*/
static int dsdb_autotransaction_request(struct ldb_context *sam_ldb,
- struct ldb_request *req)
+ struct ldb_request *req)
{
int ret;
return ret;
}
-/*
- * replace elements in a record using LDB_CONTROL_AS_SYSTEM
- * used to skip access checks on operations
- * that are performed by the system
- */
-int samdb_replace_as_system(struct ldb_context *sam_ldb,
- TALLOC_CTX *mem_ctx,
- struct ldb_message *msg)
-{
- int i;
- int ldb_ret;
- struct ldb_request *req = NULL;
-
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<msg->num_elements;i++) {
- msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
-
- ldb_ret = ldb_msg_sanity_check(sam_ldb, msg);
- if (ldb_ret != LDB_SUCCESS) {
- return ldb_ret;
- }
-
- ldb_ret = ldb_build_mod_req(&req, sam_ldb, mem_ctx,
- msg,
- NULL,
- NULL,
- ldb_op_default_callback,
- NULL);
-
- if (ldb_ret != LDB_SUCCESS) {
- talloc_free(req);
- return ldb_ret;
- }
-
- ldb_ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
- if (ldb_ret != LDB_SUCCESS) {
- talloc_free(req);
- return ldb_ret;
- }
-
- /* do request and auto start a transaction */
- ldb_ret = dsdb_autotransaction_request(sam_ldb, req);
-
- talloc_free(req);
- return ldb_ret;
-}
-
/*
return a default security descriptor
*/
}
/* modify the samdb record */
- ret = samdb_replace(ldb, mem_ctx, msg);
+ ret = dsdb_replace(ldb, msg, 0);
if (ret != LDB_SUCCESS) {
ldb_transaction_cancel(ldb);
talloc_free(user_dn);
}
}
+ if (dsdb_flags & DSDB_FLAG_AS_SYSTEM) {
+ ret = ldb_request_add_control(req, LDB_CONTROL_AS_SYSTEM_OID, false, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
return LDB_SUCCESS;
}
return ret;
}
- ret = ldb_request(ldb, req);
- if (ret == LDB_SUCCESS) {
- ret = ldb_wait(req->handle, LDB_WAIT_ALL);
- }
+ ret = dsdb_autotransaction_request(ldb, req);
talloc_free(req);
return ret;
}
+
+/*
+ like dsdb_modify() but set all the element flags to
+ LDB_FLAG_MOD_REPLACE
+ */
+int dsdb_replace(struct ldb_context *ldb, struct ldb_message *msg, uint32_t dsdb_flags)
+{
+ int i;
+
+ /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+ for (i=0;i<msg->num_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+ return dsdb_modify(ldb, msg, dsdb_flags);
+}
#define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010
#define DSDB_MODIFY_RELAX 0x0020
#define DSDB_MODIFY_PERMISSIVE 0x0040
+#define DSDB_FLAG_AS_SYSTEM 0x0080
#include "includes.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "lib/ldb/include/ldb_errors.h"
#include "../lib/util/dlinklist.h"
#include "librpc/gen_ndr/ndr_misc.h"
return WERR_NOMEM;
}
- ldb_ret = samdb_replace_as_system(ldb, temp_ctx, msg);
+ ldb_ret = dsdb_replace(ldb, msg, DSDB_FLAG_AS_SYSTEM);
talloc_free(temp_ctx);
if (ldb_ret != 0) {
- DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: samdb_replace failed\n"));
+ DEBUG(0,("dsdb_write_prefixes_from_schema_to_ldb: dsdb_replace failed\n"));
return WERR_FOOBAR;
}
mod_msg = ldb_msg_diff(ldb, res->msgs[0], msg);
if (mod_msg->num_elements > 0) {
- ret = samdb_replace(ldb, mem_ctx, mod_msg);
+ ret = dsdb_replace(ldb, mod_msg, 0);
}
}
mod_msg = ldb_msg_diff(ldb, res_idx->msgs[0], msg_idx);
if (mod_msg->num_elements > 0) {
- ret = samdb_replace(ldb, mem_ctx, mod_msg);
+ ret = dsdb_replace(ldb, mod_msg, 0);
}
}
if (ret == LDB_ERR_OPERATIONS_ERROR || ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS || ret == LDB_ERR_INVALID_DN_SYNTAX) {
if (NT_STATUS_IS_OK(status)) {
/* modify the samdb record */
- ret = samdb_replace(samdb, mem_ctx, msg);
+ ret = dsdb_replace(samdb, msg, 0);
if (ret != 0) {
DEBUG(2,("Failed to modify record to set password on %s: %s\n",
ldb_dn_get_linearized(msg->dn),
return NT_STATUS_NO_MEMORY;
}
- rtn = samdb_replace(remote_ldb, tmp_ctx, msg);
+ rtn = dsdb_replace(remote_ldb, msg, 0);
if (rtn != 0) {
r->out.error_string
= talloc_asprintf(r,
/* TODO: Account lockout, password properties */
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret) {
return NT_STATUS_INTERNAL_ERROR;
}
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify user record %s: %s",
ldb_dn_get_linearized(msg->dn),
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify alias record %s: %s",
ldb_dn_get_linearized(msg->dn),
talloc_free(msgs);
}
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify group record %s: %s",
ldb_dn_get_linearized(msg->dn),
account->privilege_name[i].string);
}
- ret = samdb_replace(state->pdb, mem_ctx, msg);
+ ret = dsdb_replace(state->pdb, msg, 0);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
if (samdb_msg_add_dom_sid(state->pdb, msg, msg, "objectSid", sid) != LDB_SUCCESS) {
talloc_free(msg);
samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,
"privilege");
- ret = samdb_replace(state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(state->sam_ldb, msg, 0);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, "Failed to modify privilege record %s",
ldb_dn_get_linearized(msg->dn));
return WERR_UNKNOWN_LEVEL;
}
- ret = samdb_replace(sptr_db, mem_ctx, msg);
+ ret = dsdb_replace(sptr_db, msg, 0);
if (ret != 0) {
return WERR_FOOBAR;
}
}
/* modify the samdb record */
- ret = samdb_replace(secret_state->sam_ldb, mem_ctx, msg);
+ ret = dsdb_replace(secret_state->sam_ldb, msg, 0);
if (ret != LDB_SUCCESS) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
"operatingSystemVersion");
- if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
+ if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
DEBUG(3,("Impossible to update samdb: %s\n",
ldb_errstring(sam_ctx)));
}
);
}
- if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
+ if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
DEBUG(3,("Impossible to update samdb: %s\n",
ldb_errstring(sam_ctx)));
}
}
/* modify the samdb record */
- ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
+ ret = dsdb_replace(a_state->sam_ctx, msg, 0);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to modify account record %s to set userAccountControl: %s\n",
ldb_dn_get_linearized(msg->dn),
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, msg);
+ ret = dsdb_replace(sam_ctx, msg, 0);
if (ret != LDB_SUCCESS) {
DEBUG(2,("Failed to modify record to change password on %s: %s\n",
ldb_dn_get_linearized(a_state->account_dn),
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, mod);
+ ret = dsdb_replace(sam_ctx, mod, 0);
if (ret != LDB_SUCCESS) {
DEBUG(2,("Failed to modify record to change password on %s: %s\n",
ldb_dn_get_linearized(user_dn),
/* The above call only setup the modifications, this actually
* makes the write to the database. */
- ret = samdb_replace(sam_ctx, mem_ctx, mod);
+ ret = dsdb_replace(sam_ctx, mod, 0);
if (ret != LDB_SUCCESS) {
- DEBUG(2,("samdb_replace failed to change password for %s: %s\n",
+ DEBUG(2,("dsdb_replace failed to change password for %s: %s\n",
ldb_dn_get_linearized(user_dn),
ldb_errstring(sam_ctx)));
status = NT_STATUS_UNSUCCESSFUL;