s4:mark the SYSTEM control always as non-critical

It is needed to not break the various LDAP backends. For reference look at
bug #7040.

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index a779821107f0bd22d428c366937e04adb901b4e7..5f50084281b3eb5a211a91ea531e3a813d6c2fc0 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -441,6 +441,11 @@ static int acl_allowedAttributes(struct ldb_module *module,
                struct dom_sid *sid = NULL;
                struct ldb_control *as_system = ldb_request_get_control(ac->req,
                                                                        LDB_CONTROL_AS_SYSTEM_OID);
+
+               if (as_system != NULL) {
+                       as_system->critical = 0;
+               }
+
                ldb_msg_remove_attr(msg, "allowedAttributesEffective");
                if (ac->am_system || as_system) {
                        for (i=0; attr_list && attr_list[i]; i++) {
@@ -558,6 +563,10 @@ static int acl_childClassesEffective(struct ldb_module *module,
        struct dom_sid *sid = NULL;
        int i, j, ret;
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        if (ac->am_system || as_system) {
                return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective");
        }
@@ -636,6 +645,10 @@ static int acl_sDRightsEffective(struct ldb_module *module,
        struct dom_sid *sid = NULL;
        uint32_t flags = 0;
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        /* Must remove any existing attribute, or else confusion reins */
        ldb_msg_remove_attr(msg, "sDRightsEffective");
        ret = ldb_msg_add_empty(msg, "sDRightsEffective", 0, &rightsEffective);
@@ -699,6 +712,10 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
        struct object_tree *new_node = NULL;
        struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        if (dsdb_module_am_system(module) || as_system) {
                return ldb_next_request(module, req);
        }
@@ -760,6 +777,10 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
                NULL
        };
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        /* Don't print this debug statement if elements[0].name is going to be NULL */
        if(req->op.mod.message->num_elements > 0)
        {
@@ -892,6 +913,10 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
        struct ldb_context *ldb;
        struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn)));
        if (dsdb_module_am_system(module) || as_system) {
                return ldb_next_request(module, req);
@@ -946,6 +971,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
                NULL
        };
 
+       if (as_system != NULL) {
+               as_system->critical = 0;
+       }
+
        DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn)));
        if (dsdb_module_am_system(module) || as_system) {
                return ldb_next_request(module, req);