author | Andrew Bartlett <abartlet@samba.org> | 2013-01-02 15:01:00 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-01-21 16:12:45 +0100 |
commit | e8cc59eb781006c6193249128a1ffc4bcba8f28a (patch) | |
tree | 19fe37d014192be8ca3bc8ce45892434384d286a /source4/dsdb/samdb/ldb_modules/acl_read.c | |
parent | 93944ea90069df5379993f5c186ffd68e166f1c4 (diff) | |
dsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute
This will, when the GUID is entered into the object tree (not in this
commit), ensure that access rights assigned to the structural
objectClass are also available, as well as rights assigned to the
attribute property groups.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/acl_read.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index dcabd56a78..07b1bc4e5e 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -76,6 +76,7 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 struct dom_sid *sid = NULL;
 TALLOC_CTX *tmp_ctx;
 uint32_t instanceType;
+ const struct dsdb_class *objectclass;
 ac = talloc_get_type(req->context, struct aclread_context);
 ldb = ldb_module_get_ctx(ac->module);
@@ -98,6 +99,17 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 ret = LDB_ERR_OPERATIONS_ERROR;
 goto fail;
 }
+ /*
+ * Get the most specific structural object class for the ACL check
+ */
+ objectclass = dsdb_get_structural_oc_from_msg(ac->schema, msg);
+ if (objectclass == NULL) {
+ ldb_asprintf_errstring(ldb, "acl_read: Failed to find a structural class for %s",
+ ldb_dn_get_linearized(msg->dn));
+ ret = LDB_ERR_OPERATIONS_ERROR;
+ goto fail;
+ }
+
 sid = samdb_result_dom_sid(tmp_ctx, msg, "objectSid");
 /* get the object instance type */
 instanceType = ldb_msg_find_attr_as_uint(msg,
@@ -196,7 +208,8 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 sd,
 sid,
 access_mask,
- attr);
+ attr,
+ objectclass);
 /*
 * Dirsync control needs the replpropertymetadata attribute |
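Review bot: The new failure branch in the second hunk writes the entry's DN into the ldb error string (`ldb_dn_get_linearized(msg->dn)`) at a point where, as far as the hunk shows, no access check on this entry has run yet; if that string is ever returned to the client, it would reveal the DN of an object the caller may not be allowed to see. Consider keeping the client-visible text generic, `ldb_asprintf_errstring(ldb, "acl_read: Failed to find a structural class");`, and recording the DN only in a server-side debug log. The lookup also depends on objectClass being present in `msg`, and the diff does not show the search's attribute list being extended, so it is worth confirming that objectClass is always requested (and stripped again from the reply when the client did not ask for it); otherwise every entry would take this failure path. aclread_callback starts and ends outside the hunk, so both points are inferred from the visible lines only.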