author | Andrew Bartlett <abartlet@samba.org> | 2013-01-02 15:01:23 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-01-21 16:12:45 +0100 |
commit | 6a4063f30273ff184364f276c5206c3507f37644 (patch) | |
tree | bda3c3523e406a0584c3ee64658e48e2782326e5 | |
parent | e8cc59eb781006c6193249128a1ffc4bcba8f28a (diff) | |
dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
This commit enters the GUID into the object tree so that access
rights assigned to the structural objectClass are also available, as
well as rights assigned to the attribute property groups.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_util.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 95ab2752c7..09ca201d94 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -107,30 +107,30 @@ int acl_check_access_on_attribute(struct ldb_module *module,
 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 struct security_token *token = acl_user_token(module);
 
+ if (!insert_in_object_tree(tmp_ctx,
+ &objectclass->schemaIDGUID,
+ access_mask, &root,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
+ goto fail;
+ }
+
 if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
 if (!insert_in_object_tree(tmp_ctx,
 &attr->attributeSecurityGUID,
- access_mask, &root,
+ access_mask, &new_node,
 &new_node)) {
 DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
 goto fail;
 }
+ }
 
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &new_node,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
- } else {
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &root,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
+ if (!insert_in_object_tree(tmp_ctx,
+ &attr->schemaIDGUID,
+ access_mask, &new_node,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
+ goto fail;
 }
 
 status = sec_access_check_ds(sd, token, |
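Review bot: The new first insert dereferences `objectclass` (`&objectclass->schemaIDGUID`) with no NULL check visible in this hunk, so every attribute access check now relies on the caller having resolved the structural class. The parameter list and the `fail:` label lie outside the hunk, so this may already be guaranteed. If it is not, an unresolved class would crash the ACL path instead of producing a refused request; a guard such as `if (objectclass == NULL) { goto fail; }` ahead of the insert would make it fail closed, assuming `fail` returns an error to the caller. A short comment above the three inserts, e.g. `/* tree levels: structural class -> property set (if any) -> attribute */`, would also help, since the nesting presumably determines which object ACEs `sec_access_check_ds` can match. The added DEBUG text still uses the `acl_search:` prefix although the function is `acl_check_access_on_attribute`, which can mislead anyone tracing a denied access at debug level 10.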