summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-01-16 16:35:33 +0100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commit34f1a52689f4cc64fb63118e685a4442e3fe187a (patch)
tree35c86e7281bb6772ea83ede2df3b33fd4217386f /source4/dsdb
parent6a4063f30273ff184364f276c5206c3507f37644 (diff)
downloadsamba-34f1a52689f4cc64fb63118e685a4442e3fe187a.tar.gz
samba-34f1a52689f4cc64fb63118e685a4442e3fe187a.tar.bz2
samba-34f1a52689f4cc64fb63118e685a4442e3fe187a.zip
dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 638955de97..a3f43032be 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -434,14 +434,19 @@ static int acl_childClassesEffective(struct ldb_module *module,
}
for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
- ret = acl_check_access_on_class(module,
- schema,
- msg,
- sd,
- acl_user_token(module),
- sid,
- SEC_ADS_CREATE_CHILD,
- sclass->possibleInferiors[j]);
+ const struct dsdb_class *sc;
+
+ sc = dsdb_class_by_lDAPDisplayName(schema,
+ sclass->possibleInferiors[j]);
+ if (!sc) {
+ /* We don't know this class? what is going on? */
+ continue;
+ }
+
+ ret = acl_check_access_on_objectclass(module, ac,
+ sd, sid,
+ SEC_ADS_CREATE_CHILD,
+ sc);
if (ret == LDB_SUCCESS) {
ldb_msg_add_string(msg, "allowedChildClassesEffective",
sclass->possibleInferiors[j]);