diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-11-24 09:15:24 +0100 |
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:20 +0100 |
| commit | b54d268e2042f36bc670cf8f4f33cddd957e1d34 (patch) | |
| tree | 6a4a634a56e701b35d9095e9985b9fa57a31c2a7 | |
| parent | f67f469ce101e48301de790b5c31f8d4e712e0ea (diff) | |
| download | samba-b54d268e2042f36bc670cf8f4f33cddd957e1d34.tar.gz samba-b54d268e2042f36bc670cf8f4f33cddd957e1d34.tar.bz2 samba-b54d268e2042f36bc670cf8f4f33cddd957e1d34.zip | |
s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
The @KLUDGEACL record might not be uptodate.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 2cc028f592..4a288f152f 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -79,9 +79,12 @@ static int acl_module_init(struct ldb_module *module) struct ldb_context *ldb; struct acl_private *data; int ret; - unsigned int i; + unsigned int i, n, j; TALLOC_CTX *mem_ctx; - static const char *attrs[] = { "passwordAttribute", NULL }; + static const char * const attrs[] = { "passwordAttribute", NULL }; + static const char * const secret_attrs[] = { + DSDB_SECRET_ATTRIBUTES + }; struct ldb_result *res; struct ldb_message *msg; struct ldb_message_element *password_attributes; @@ -133,16 +136,44 @@ static int acl_module_init(struct ldb_module *module) if (!password_attributes) { goto done; } - data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1); + data->password_attrs = talloc_array(data, const char *, + password_attributes->num_values + + ARRAY_SIZE(secret_attrs) + 1); if (!data->password_attrs) { talloc_free(mem_ctx); return ldb_oom(ldb); } + + n = 0; for (i=0; i < password_attributes->num_values; i++) { - data->password_attrs[i] = (const char *)password_attributes->values[i].data; + data->password_attrs[n] = (const char *)password_attributes->values[i].data; talloc_steal(data->password_attrs, password_attributes->values[i].data); + n++; + } + + for (i=0; i < ARRAY_SIZE(secret_attrs); i++) { + bool found = false; + + for (j=0; j < n; j++) { + if (strcasecmp(data->password_attrs[j], secret_attrs[i]) == 0) { + found = true; + break; + } + } + + if (found) { + continue; + } + + data->password_attrs[n] = talloc_strdup(data->password_attrs, + secret_attrs[i]); + if (data->password_attrs[n] == NULL) { + talloc_free(mem_ctx); + return ldb_oom(ldb); + } + n++; } - data->password_attrs[i] = NULL; + data->password_attrs[n] = NULL; done: talloc_free(mem_ctx); |