- /*
+/*
ldb database library
Copyright (C) Simo Sorce 2006-2008
#include "auth/auth.h"
#include "param/param.h"
+struct descriptor_data {
+};
+
struct descriptor_context {
struct ldb_module *module;
struct ldb_request *req;
int (*step_fn)(struct descriptor_context *);
};
-static struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema, struct ldb_message_element *element)
+static const struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema, struct ldb_message_element *element)
{
- struct dsdb_class *last_class = NULL;
+ const struct dsdb_class *last_class = NULL;
int i;
for (i = 0; i < element->num_values; i++){
- if (!last_class)
+ if (!last_class) {
last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
- else {
- struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
+ } else {
+ const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
if (tmp_class->subClass_order > last_class->subClass_order)
last_class = tmp_class;
}
{
int *domainFunctionality;
- domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
+ domainFunctionality = talloc_get_type(
+ ldb_get_opaque(ldb, "domainFunctionality"), int);
- if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){
+ if (*domainFunctionality
+ && (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) {
return dag;
}
struct ldb_dn *dn,
TALLOC_CTX *mem_ctx,
const struct dsdb_class *objectclass,
- struct ldb_val *parent,
+ const struct ldb_val *parent,
struct ldb_val *object)
{
struct security_descriptor *user_descriptor = NULL, *parent_descriptor = NULL;
struct dom_sid *default_owner;
struct dom_sid *default_group;
- if (object){
+ if (object) {
user_descriptor = talloc(mem_ctx, struct security_descriptor);
if(!user_descriptor)
return NULL;
talloc_free(user_descriptor);
return NULL;
}
- }
- else
+ } else {
user_descriptor = get_sd_unpacked(module, mem_ctx, objectclass);
+ }
if (parent){
parent_descriptor = talloc(mem_ctx, struct security_descriptor);
ares->response, ares->error);
}
+ ldb_reset_err_string(ldb);
+
switch (ares->type) {
case LDB_REPLY_ENTRY:
if (ac->search_res != NULL) {
struct ldb_message *msg;
TALLOC_CTX *mem_ctx;
int ret;
- struct ldb_val *sd_val = NULL, *parentsd_val = NULL;
+ struct ldb_val *sd_val = NULL;
+ const struct ldb_val *parentsd_val = NULL;
DATA_BLOB *sd;
- struct dsdb_class *objectclass;
+ const struct dsdb_class *objectclass;
ldb = ldb_module_get_ctx(ac->module);
schema = dsdb_get_schema(ldb);
objectclass_element = ldb_msg_find_element(msg, "objectClass");
objectclass = get_last_structural_class(schema, objectclass_element);
- if (!objectclass)
+ if (!objectclass) {
+ ldb_asprintf_errstring(ldb, "No last structural objectclass found on %s", ldb_dn_get_linearized(msg->dn));
return LDB_ERR_OPERATIONS_ERROR;
+ }
if (sd_element)
sd_val = &sd_element->values[0];
/* NC's have no parent */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0))
+ (ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
parentsd_val = NULL;
- else if (ac->search_res != NULL)
+ } else if (ac->search_res != NULL){
parentsd_val = ldb_msg_find_ldb_val(ac->search_res->message, "nTSecurityDescriptor");
-
+ }
/* get the parent descriptor and the one provided. If not provided, get the default.*/
/* convert to security descriptor and calculate */
sd = get_new_descriptor(ac->module, msg->dn, mem_ctx, objectclass,
parentsd_val, sd_val);
+ if (sd_val) {
+ ldb_msg_remove_attr(msg, "nTSecurityDescriptor");
+ }
+
if (sd) {
- ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+ ret = ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(ldb, msg);
if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "No last structural objectclass found on %s", ldb_dn_get_linearized(msg->dn));
return ret;
}
struct descriptor_context *ac;
struct ldb_dn *parent_dn;
int ret;
+ struct descriptor_data *data;
static const char * const descr_attrs[] = { "nTSecurityDescriptor", NULL };
+ data = talloc_get_type(ldb_module_get_private(module), struct descriptor_data);
ldb = ldb_module_get_ctx(module);
ldb_debug(ldb, LDB_DEBUG_TRACE, "descriptor_add\n");
return ldb_next_request(module, req);
}
+static int descriptor_init(struct ldb_module *module)
+{
+ struct ldb_context *ldb;
+ struct descriptor_data *data;
+
+ ldb = ldb_module_get_ctx(module);
+ data = talloc(module, struct descriptor_data);
+ if (data == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ldb_module_set_private(module, data);
+ return ldb_next_init(module);
+}
+
+
_PUBLIC_ const struct ldb_module_ops ldb_descriptor_module_ops = {
.name = "descriptor",
.add = descriptor_add,
.modify = descriptor_modify,
.rename = descriptor_rename,
+ .init_context = descriptor_init
};