authorAndrew Bartlett <abartlet@samba.org>2013-01-02 15:01:23 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commit6a4063f30273ff184364f276c5206c3507f37644 (patch)
treebda3c3523e406a0584c3ee64658e48e2782326e5
parente8cc59eb781006c6193249128a1ffc4bcba8f28a (diff)
dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
This commit enters the GUID into the object tree so that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_util.c32
1 files changed, 16 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 95ab2752c7..09ca201d94 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -107,30 +107,30 @@ int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module);
+ if (!insert_in_object_tree(tmp_ctx,
+ &objectclass->schemaIDGUID,
+ access_mask, &root,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
+ goto fail;
+ }
+
if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx,
&attr->attributeSecurityGUID,
- access_mask, &root,
+ access_mask, &new_node,
&new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail;
}
+ }
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &new_node,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
- } else {
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &root,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
+ if (!insert_in_object_tree(tmp_ctx,
+ &attr->schemaIDGUID,
+ access_mask, &new_node,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
+ goto fail;
}
status = sec_access_check_ds(sd, token,
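Review bot: The new first `insert_in_object_tree()` call dereferences `objectclass->schemaIDGUID` with no visible guard, so if any caller can reach this function without a resolved structural objectClass, the access check crashes instead of denying. The function's parameter list and its `fail:` path are outside the hunk, so this is inferred. If a NULL is possible, reject it before building the tree, e.g. `if (objectclass == NULL) { goto fail; }`, after confirming that `fail` returns an error rather than success. The added DEBUG line also copies the `acl_search:` prefix although the code lives in `acl_check_access_on_attribute()`, which will mislead anyone reading a level-10 log. A short comment above the three inserts would help too, e.g. `/* tree order: class schemaIDGUID -> attributeSecurityGUID (if set) -> attribute schemaIDGUID */`, because `sec_access_check_ds()` depends on that nesting.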