diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-01-02 14:54:20 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-01-21 16:12:45 +0100 |
commit | 730433984c9f3dd30ee0b07dc22af56b4d3a062f (patch) | |
tree | d2285b64ff35f32a37063818e4342e2bf68e9899 | |
parent | 6d7e53aaac8c95f86e1eb8593880ae1c09d973d4 (diff) | |
download | samba-730433984c9f3dd30ee0b07dc22af56b4d3a062f.tar.gz samba-730433984c9f3dd30ee0b07dc22af56b4d3a062f.tar.bz2 samba-730433984c9f3dd30ee0b07dc22af56b4d3a062f.zip |
dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 990089256a..629e0c8b8c 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -1303,6 +1303,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) struct ldb_dn *oldparent; struct ldb_dn *newparent; const struct dsdb_schema *schema; + const struct dsdb_class *objectclass; struct ldb_context *ldb; struct security_descriptor *sd = NULL; struct dom_sid *sid = NULL; @@ -1389,12 +1390,18 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) return ldb_operr(ldb); } - guid = get_oc_guid_from_message(schema, acl_res->msgs[0]); - if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP, + objectclass = dsdb_get_structural_oc_from_msg(schema, acl_res->msgs[0]); + if (!objectclass) { + talloc_free(tmp_ctx); + return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR, + "acl_modify: Error retrieving object class for GUID."); + } + + if (!insert_in_object_tree(tmp_ctx, &objectclass->schemaIDGUID, SEC_ADS_WRITE_PROP, &root, &new_node)) { talloc_free(tmp_ctx); return ldb_operr(ldb); - }; + } guid = attribute_schemaid_guid_by_lDAPDisplayName(schema, "name"); @@ -1402,7 +1409,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) &new_node, &new_node)) { talloc_free(tmp_ctx); return ldb_operr(ldb); - }; + } rdn_name = ldb_dn_get_rdn_name(req->op.rename.olddn); if (rdn_name == NULL) { @@ -1457,15 +1464,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) /* new parent should have create child */ root = NULL; new_node = NULL; - guid = get_oc_guid_from_message(schema, acl_res->msgs[0]); - if (!guid) { - ldb_asprintf_errstring(ldb_module_get_ctx(module), - "acl:renamed object has no object class\n"); - talloc_free(tmp_ctx); - return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); - } - ret = dsdb_module_check_access_on_dn(module, req, newparent, SEC_ADS_CREATE_CHILD, guid, req); + ret = dsdb_module_check_access_on_dn(module, req, newparent, + SEC_ADS_CREATE_CHILD, + &objectclass->schemaIDGUID, req); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb_module_get_ctx(module), "acl:access_denied renaming %s", |