summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-01-02 15:01:23 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commit6a4063f30273ff184364f276c5206c3507f37644 (patch)
treebda3c3523e406a0584c3ee64658e48e2782326e5 /source4/dsdb/samdb
parente8cc59eb781006c6193249128a1ffc4bcba8f28a (diff)
downloadsamba-6a4063f30273ff184364f276c5206c3507f37644.tar.gz
samba-6a4063f30273ff184364f276c5206c3507f37644.tar.bz2
samba-6a4063f30273ff184364f276c5206c3507f37644.zip
dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
This commit enters the GUID into the object tree so that that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_util.c32
1 files changed, 16 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 95ab2752c7..09ca201d94 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -107,30 +107,30 @@ int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module);
+ if (!insert_in_object_tree(tmp_ctx,
+ &objectclass->schemaIDGUID,
+ access_mask, &root,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
+ goto fail;
+ }
+
if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx,
&attr->attributeSecurityGUID,
- access_mask, &root,
+ access_mask, &new_node,
&new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail;
}
+ }
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &new_node,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
- } else {
- if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID,
- access_mask, &root,
- &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
- goto fail;
- }
+ if (!insert_in_object_tree(tmp_ctx,
+ &attr->schemaIDGUID,
+ access_mask, &new_node,
+ &new_node)) {
+ DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
+ goto fail;
}
status = sec_access_check_ds(sd, token,