author | Stefan Metzmacher <metze@samba.org> | 2014-07-07 12:00:14 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-07-09 08:42:07 +0200 |
commit | 9e6349f81edb3914d18bc50473d65c0c1f5bc113 (patch) | |
tree | 082c647c7ebe095e01069c3d945173cfbe7f9926 | |
parent | fa177273b87d980f81f19acb2f1a9154f8c6bfd9 (diff) | |
s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED
We should take the controls the caller provided when we search
for existing objects.
A search with a basedn of '<GUID=....>' should result in LDB_ERR_NO_SUCH_OBJECT
if the object has isDeleted=TRUE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index df45f75265..f738bc42fb 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -318,6 +318,7 @@ struct extended_dn_filter_ctx {
 struct ldb_module *module;
 struct ldb_request *req;
 struct dsdb_schema *schema;
+ uint32_t dsdb_flags;
 };
 /*
@@ -421,10 +422,7 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
 return LDB_SUCCESS;
 }
- dsdb_flags = DSDB_FLAG_NEXT_MODULE |
- DSDB_FLAG_AS_SYSTEM |
- DSDB_SEARCH_SHOW_RECYCLED |
- DSDB_SEARCH_SHOW_EXTENDED_DN;
+ dsdb_flags = filter_ctx->dsdb_flags | DSDB_FLAG_NEXT_MODULE;
 if (guid_val) {
 expression = talloc_asprintf(filter_ctx, "objectGUID=%s", ldb_binary_encode(filter_ctx, *guid_val));
@@ -485,7 +483,9 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat
 fix the parse tree to change any extended DN components to their caconical form */
-static int extended_dn_fix_filter(struct ldb_module *module, struct ldb_request *req)
+static int extended_dn_fix_filter(struct ldb_module *module,
+ struct ldb_request *req,
+ uint32_t default_dsdb_flags)
 {
 struct extended_dn_filter_ctx *filter_ctx;
 int ret;
@@ -503,6 +503,7 @@ static int extended_dn_fix_filter(struct ldb_module *module, struct ldb_request
 filter_ctx->module = module;
 filter_ctx->req = req;
 filter_ctx->schema = dsdb_get_schema(ldb_module_get_ctx(module), filter_ctx);
+ filter_ctx->dsdb_flags= default_dsdb_flags;
 ret = ldb_parse_tree_walk(req->op.search.tree, extended_dn_filter_callback, filter_ctx);
 if (ret != LDB_SUCCESS) {
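Review bot: In the `@@ -421` hunk of extended_dn_filter_callback, the one-line `dsdb_flags = filter_ctx->dsdb_flags | DSDB_FLAG_NEXT_MODULE;` no longer shows which bits the lookup runs with, and nothing at this site says that DSDB_FLAG_AS_SYSTEM is still always set while deleted/recycled visibility now depends on the caller's controls. That split is the security-relevant part of the change, so I would add a comment above the assignment, for example `/* AS_SYSTEM and SHOW_EXTENDED_DN are always set by extended_dn_in_fix(); SHOW_DELETED/SHOW_RECYCLED only when the caller sent the matching control */`. The function body begins and ends outside this hunk.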
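Review bot: The comment above extended_dn_fix_filter in the `@@ -485` hunk still describes only the parse-tree rewrite and says nothing about the new `default_dsdb_flags` parameter; it also keeps the "caconical" typo. I would extend it with a line such as `default_dsdb_flags: search flags derived from the caller's controls, used when resolving extended DN components found in the filter`. In the `@@ -503` hunk the assignment `filter_ctx->dsdb_flags= default_dsdb_flags;` is missing the space before `=`, unlike the three assignments above it. The function body continues outside both hunks.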
@@ -551,10 +552,20 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 static const char *no_attr[] = { NULL };
- bool all_partitions = false;
+ uint32_t dsdb_flags = DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_EXTENDED_DN;
+
+ if (ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_DELETED;
+ }
+ if (ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+ }
+ if (ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {
+ dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
+ }
 if (req->operation == LDB_SEARCH) {
- ret = extended_dn_fix_filter(module, req);
+ ret = extended_dn_fix_filter(module, req, dsdb_flags);
 if (ret != LDB_SUCCESS) {
 return ret;
 }
@@ -566,7 +577,6 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 } else {
 /* It looks like we need to map the DN */
 const struct ldb_val *sid_val, *guid_val, *wkguid_val;
- uint32_t dsdb_flags = 0;
 if (!ldb_dn_match_allowed(dn, req)) {
 return ldb_error(ldb_module_get_ctx(module),
@@ -583,7 +593,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 ForeignSecurityPrinciples due to provision errors */
 if (guid_val) {
- all_partitions = true;
+ dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
 base_dn = NULL;
 base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", ldb_binary_encode(req, *guid_val));
@@ -594,7 +604,7 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 base_dn_attrs = no_attr;
 } else if (sid_val) {
- all_partitions = true;
+ dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
 base_dn = NULL;
 base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", ldb_binary_encode(req, *sid_val));
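Review bot: The `DSDB_CONTROL_DBCHECK` branch added at the top of extended_dn_in_fix in the `@@ -551` hunk sets the same `DSDB_SEARCH_SHOW_RECYCLED` bit as the branch before it, and neither the code nor the commit message says why a dbcheck request may resolve recycled objects. Because `DSDB_FLAG_AS_SYSTEM` is still set unconditionally, the presence of one of these three controls appears to be the only thing deciding whether a GUID- or SID-form base DN resolves to a deleted object, so it is worth confirming (not visible in this diff) that the dbcheck control cannot be supplied by an untrusted client. I would fold the two branches into one condition, `if (ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID) || ldb_request_get_control(req, DSDB_CONTROL_DBCHECK)) {`, with a short comment stating the reason dbcheck needs recycled objects. The flags are computed before the `req->operation == LDB_SEARCH` check, so presumably they also govern non-search requests; a regression test for a modify or delete addressed by `<GUID=...>` on a deleted object would pin the new behaviour. The function continues outside this hunk.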
@@ -671,13 +681,6 @@ static int extended_dn_in_fix(struct ldb_module *module, struct ldb_request *req
 return ldb_operr(ldb_module_get_ctx(module));
 }
- dsdb_flags = DSDB_FLAG_AS_SYSTEM |
- DSDB_SEARCH_SHOW_RECYCLED |
- DSDB_SEARCH_SHOW_EXTENDED_DN;
- if (all_partitions) {
- dsdb_flags |= DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
- }
-
 ret = dsdb_request_add_controls(down_req, dsdb_flags);
 if (ret != LDB_SUCCESS) {
 return ret; |