summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-01-08 15:55:36 +0100
committerMatthieu Patou <mat@samba.org>2013-01-17 11:21:10 +0100
commit6a1025551eb5b343ec996ae0c642d542162e8910 (patch)
tree1b676c3188eb6f34be8009c20cdfe415441bb76f /source4/dsdb/samdb
parentccf577da14194f5f3377226bcdb7e69b62a94851 (diff)
downloadsamba-6a1025551eb5b343ec996ae0c642d542162e8910.tar.gz
samba-6a1025551eb5b343ec996ae0c642d542162e8910.tar.bz2
samba-6a1025551eb5b343ec996ae0c642d542162e8910.zip
dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"
acl_check_access_on_attribute should never be called with attr=NULL because we don't check access on an attribute in that case Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 24b6507803..539363cb10 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -481,6 +481,14 @@ static int acl_sDRightsEffective(struct ldb_module *module,
flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL;
}
else {
+ const struct dsdb_attribute *attr;
+
+ attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+ "nTSecurityDescriptor");
+ if (attr == NULL) {
+ return ldb_operr(ldb);
+ }
+
/* Get the security descriptor from the message */
ret = dsdb_get_sd_from_ldb_message(ldb, msg, sd_msg, &sd);
if (ret != LDB_SUCCESS) {
@@ -492,7 +500,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_STD_WRITE_OWNER,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_OWNER | SECINFO_GROUP;
}
@@ -501,7 +509,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_STD_WRITE_DAC,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_DACL;
}
@@ -510,7 +518,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_FLAG_SYSTEM_SECURITY,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_SACL;
}