authorStefan Metzmacher <metze@samba.org>2013-01-16 16:39:35 +0100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commitd695b8abc7a2e4f7e1853d0c61fe0c03fc786111 (patch)
tree99720570eb5b54297c4a334b1a0b7d0e24e77015 /source4/dsdb/samdb/ldb_modules/acl.c
parentddfb8fe89c493c485250d59868312614c79a9cc1 (diff)
dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes
"clearTextPassword" is the only exception. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/acl.c')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c34
1 files changed, 18 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index ec21db35b6..b8fab552e1 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -1072,8 +1072,24 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
const struct ldb_message_element *el = &msg->elements[i];
const struct dsdb_attribute *attr;
- attr = dsdb_attribute_by_lDAPDisplayName(schema,
- el->name);
+ /*
+ * This basic attribute existence check with the right errorcode
+ * is needed since this module is the first one which requests
+ * schema attribute information.
+ * The complete attribute checking is done in the
+ * "objectclass_attrs" module behind this one.
+ *
+ * NOTE: "clearTextPassword" is not defined in the schema.
+ */
+ attr = dsdb_attribute_by_lDAPDisplayName(schema, el->name);
+ if (!attr && ldb_attr_cmp("clearTextPassword", el->name) != 0) {
+ ldb_asprintf_errstring(ldb, "acl_modify: attribute '%s' "
+ "on entry '%s' was not found in the schema!",
+ req->op.mod.message->elements[i].name,
+ ldb_dn_get_linearized(req->op.mod.message->dn));
+ ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
+ goto fail;
+ }
if (ldb_attr_cmp("nTSecurityDescriptor", el->name) == 0) {
uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
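Review bot: After the new guard, `attr` is still NULL when `el->name` is "clearTextPassword", so every later use of `attr` in this loop iteration has to be unreachable for that name; the rest of the loop body lies outside the hunk, so this cannot be confirmed from here. Because this is the access-control module and the attribute name comes from the modify request, it is worth stating the invariant at the guard, e.g. `/* attr may be NULL from here on, but only for "clearTextPassword" */`, or testing `attr != NULL` where it is first dereferenced. Separately, the error message spells out `req->op.mod.message->elements[i].name` and `req->op.mod.message->dn` although `el` and `msg` are already in scope a few lines above. Assuming `msg` is that same message, `el->name` and `ldb_dn_get_linearized(msg->dn)` would match the surrounding code.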
@@ -1150,20 +1166,6 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
- /* This basic attribute existence check with the right errorcode
- * is needed since this module is the first one which requests
- * schema attribute information.
- * The complete attribute checking is done in the
- * "objectclass_attrs" module behind this one.
- */
- if (!attr) {
- ldb_asprintf_errstring(ldb, "acl_modify: attribute '%s' on entry '%s' was not found in the schema!",
- el->name,
- ldb_dn_get_linearized(msg->dn));
- ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
- goto fail;
- }
-
if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
&root, &new_node)) {
talloc_free(tmp_ctx);