summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-01-02 09:26:15 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commit6ab41506857814d69d897471a14002d98fb4c172 (patch)
treeea37e87a1f17a223e87bb70353cc018cd0d44c98
parent730433984c9f3dd30ee0b07dc22af56b4d3a062f (diff)
downloadsamba-6ab41506857814d69d897471a14002d98fb4c172.tar.gz
samba-6ab41506857814d69d897471a14002d98fb4c172.tar.bz2
samba-6ab41506857814d69d897471a14002d98fb4c172.zip
dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName
This uses dsdb_get_last_structural_objectclass(), which encodes this ordering knowledge in one place in the code, rather than using this uncommented magic expression: (char *)oc_el->values[oc_el->num_values-1].data Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 629e0c8b8c..2a1a8538ac 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -763,8 +763,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
struct ldb_dn *parent;
struct ldb_context *ldb;
const struct dsdb_schema *schema;
- struct ldb_message_element *oc_el;
- const struct GUID *guid;
+ const struct dsdb_class *objectclass;
struct ldb_dn *nc_root;
struct ldb_control *as_system;
@@ -806,17 +805,17 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
return ldb_operr(ldb);
}
- oc_el = ldb_msg_find_element(req->op.add.message, "objectClass");
- if (!oc_el || oc_el->num_values == 0) {
+ objectclass = dsdb_get_structural_oc_from_msg(schema, req->op.add.message);
+ if (!objectclass) {
ldb_asprintf_errstring(ldb_module_get_ctx(module),
- "acl: unable to find objectClass on %s\n",
+ "acl: unable to find or validate structrual objectClass on %s\n",
ldb_dn_get_linearized(req->op.add.message->dn));
return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
}
- guid = class_schemaid_guid_by_lDAPDisplayName(schema,
- (char *)oc_el->values[oc_el->num_values-1].data);
- ret = dsdb_module_check_access_on_dn(module, req, parent, SEC_ADS_CREATE_CHILD, guid, req);
+ ret = dsdb_module_check_access_on_dn(module, req, parent,
+ SEC_ADS_CREATE_CHILD,
+ &objectclass->schemaIDGUID, req);
if (ret != LDB_SUCCESS) {
return ret;
}