diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-01-08 15:55:36 +0100 |
---|---|---|
committer | Matthieu Patou <mat@samba.org> | 2013-01-17 11:21:10 +0100 |
commit | 6a1025551eb5b343ec996ae0c642d542162e8910 (patch) | |
tree | 1b676c3188eb6f34be8009c20cdfe415441bb76f /source4/dsdb/samdb | |
parent | ccf577da14194f5f3377226bcdb7e69b62a94851 (diff) | |
download | samba-6a1025551eb5b343ec996ae0c642d542162e8910.tar.gz samba-6a1025551eb5b343ec996ae0c642d542162e8910.tar.bz2 samba-6a1025551eb5b343ec996ae0c642d542162e8910.zip |
dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"
acl_check_access_on_attribute should never be called with attr=NULL
because we don't check access on an attribute in that case
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 24b6507803..539363cb10 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -481,6 +481,14 @@ static int acl_sDRightsEffective(struct ldb_module *module, flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL; } else { + const struct dsdb_attribute *attr; + + attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, + "nTSecurityDescriptor"); + if (attr == NULL) { + return ldb_operr(ldb); + } + /* Get the security descriptor from the message */ ret = dsdb_get_sd_from_ldb_message(ldb, msg, sd_msg, &sd); if (ret != LDB_SUCCESS) { @@ -492,7 +500,7 @@ static int acl_sDRightsEffective(struct ldb_module *module, sd, sid, SEC_STD_WRITE_OWNER, - NULL); + attr); if (ret == LDB_SUCCESS) { flags |= SECINFO_OWNER | SECINFO_GROUP; } @@ -501,7 +509,7 @@ static int acl_sDRightsEffective(struct ldb_module *module, sd, sid, SEC_STD_WRITE_DAC, - NULL); + attr); if (ret == LDB_SUCCESS) { flags |= SECINFO_DACL; } @@ -510,7 +518,7 @@ static int acl_sDRightsEffective(struct ldb_module *module, sd, sid, SEC_FLAG_SYSTEM_SECURITY, - NULL); + attr); if (ret == LDB_SUCCESS) { flags |= SECINFO_SACL; } |