diff options
| author | Kamen Mazdrashki <kamenim@samba.org> | 2014-11-07 07:07:07 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-02-03 05:02:11 +0100 |
| commit | 4c5c7d3c1c09835729404c13961572a9cb4be16c (patch) | |
| tree | 4b81c4a3496e6259cd73561f8cf25d2138d9d0a4 /source4/dsdb/samdb/ldb_modules/samldb.c | |
| parent | afd4b23dc938cf5c9f1f0b7e1c642852fbe68ef6 (diff) | |
| download | samba-4c5c7d3c1c09835729404c13961572a9cb4be16c.tar.gz | |
s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate
tombstone_reanimate.c module is going to restore those attributes
and it needs a way to propagate them to DB
Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/samldb.c')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d744ca8616d..24124c948b7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2781,6 +2781,7 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) struct ldb_context *ldb; struct samldb_ctx *ac; struct ldb_message_element *el, *el2; + struct ldb_control *is_undelete; bool modified = false; int ret; @@ -2791,6 +2792,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) ldb = ldb_module_get_ctx(module); + /* + * we are going to need some special handling if in Undelete call. + * Since tombstone_reanimate module will restore certain attributes, + * we need to relax checks for: sAMAccountType, primaryGroupID + */ + is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID); + /* make sure that "objectSid" is not specified */ el = ldb_msg_find_element(req->op.mod.message, "objectSid"); if (el != NULL) { @@ -2800,12 +2808,14 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } } - /* make sure that "sAMAccountType" is not specified */ - el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType"); - if (el != NULL) { - ldb_set_errstring(ldb, - "samldb: sAMAccountType must not be specified!"); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (is_undelete == NULL) { + /* make sure that "sAMAccountType" is not specified */ + el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType"); + if (el != NULL) { + ldb_set_errstring(ldb, + "samldb: sAMAccountType must not be specified!"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } } /* make sure that "isCriticalSystemObject" is not specified */ el = ldb_msg_find_element(req->op.mod.message, "isCriticalSystemObject"); @@ -2849,11 +2859,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) return ldb_operr(ldb); } - el = ldb_msg_find_element(ac->msg, "primaryGroupID"); - if (el != NULL) { - ret = samldb_prim_group_trigger(ac); - if (ret != LDB_SUCCESS) { - return ret; + if (is_undelete == NULL) { + el = ldb_msg_find_element(ac->msg, "primaryGroupID"); + if (el != NULL) { + ret = samldb_prim_group_trigger(ac); + if (ret != LDB_SUCCESS) { + return ret; + } } } |