const struct dsdb_class *computer_objectclass = NULL;
const struct ldb_message_element *oc_el = NULL;
struct ldb_message_element sorted_oc_el;
- struct ldb_control *as_system;
struct ldb_control *sd_ctrl = NULL;
struct ldb_message_element *el;
unsigned int instanceType = 0;
return ldb_next_request(module, req);
}
- as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- if (as_system != NULL) {
- as_system->critical = 0;
- }
-
- if (dsdb_module_am_system(module) || as_system) {
+ if (dsdb_have_system_access(module, req, SYSTEM_CONTROL_STRIP_CRITICAL))
+ {
return ldb_next_request(module, req);
}
struct ldb_result *acl_res;
struct security_descriptor *sd;
struct dom_sid *sid = NULL;
- struct ldb_control *as_system;
struct ldb_control *is_undelete;
struct ldb_control *implicit_validated_write_control = NULL;
bool userPassword;
return ldb_next_request(module, req);
}
- as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- if (as_system != NULL) {
- as_system->critical = 0;
- }
-
is_undelete = ldb_request_get_control(req, DSDB_CONTROL_RESTORE_TOMBSTONE_OID);
implicit_validated_write_control = ldb_request_get_control(
if (msg->num_elements > 0) {
DEBUG(10, ("ldb:acl_modify: %s\n", msg->elements[0].name));
}
- if (dsdb_module_am_system(module) || as_system) {
+ if (dsdb_have_system_access(module, req, SYSTEM_CONTROL_STRIP_CRITICAL))
+ {
return ldb_next_request(module, req);
}
struct ldb_dn *parent;
struct ldb_context *ldb;
struct ldb_dn *nc_root;
- struct ldb_control *as_system;
const struct dsdb_schema *schema;
const struct dsdb_class *objectclass;
struct security_descriptor *sd = NULL;
return ldb_next_request(module, req);
}
- as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- if (as_system != NULL) {
- as_system->critical = 0;
- }
-
- if (dsdb_module_am_system(module) || as_system) {
+ if (dsdb_have_system_access(module, req, SYSTEM_CONTROL_STRIP_CRITICAL))
+ {
return ldb_next_request(module, req);
}
struct dom_sid *sid = NULL;
struct ldb_result *acl_res;
struct ldb_dn *nc_root;
- struct ldb_control *as_system;
struct ldb_control *is_undelete;
TALLOC_CTX *tmp_ctx;
const char *rdn_name;
return ldb_next_request(module, req);
}
- as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- if (as_system != NULL) {
- as_system->critical = 0;
- }
-
DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn)));
- if (dsdb_module_am_system(module) || as_system) {
+ if (dsdb_have_system_access(module, req, SYSTEM_CONTROL_STRIP_CRITICAL))
+ {
return ldb_next_request(module, req);
}
static int acl_extended(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
- struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
/* allow everybody to read the sequence number */
if (strcmp(req->op.extended.oid,
return ldb_next_request(module, req);
}
- if (dsdb_module_am_system(module) ||
- dsdb_module_am_administrator(module) || as_system) {
+ if (dsdb_have_system_access(module,
+ req,
+ SYSTEM_CONTROL_KEEP_CRITICAL) ||
+ dsdb_module_am_administrator(module))
+ {
return ldb_next_request(module, req);
} else {
ldb_asprintf_errstring(ldb,