diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-01-16 16:35:33 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2013-01-21 16:12:45 +0100 |
| commit | 34f1a52689f4cc64fb63118e685a4442e3fe187a (patch) | |
| tree | 35c86e7281bb6772ea83ede2df3b33fd4217386f /source4/dsdb | |
| parent | 6a4063f30273ff184364f276c5206c3507f37644 (diff) | |
| download | samba-34f1a52689f4cc64fb63118e685a4442e3fe187a.tar.gz samba-34f1a52689f4cc64fb63118e685a4442e3fe187a.tar.bz2 samba-34f1a52689f4cc64fb63118e685a4442e3fe187a.zip | |
dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 638955de97..a3f43032be 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -434,14 +434,19 @@ static int acl_childClassesEffective(struct ldb_module *module, } for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) { - ret = acl_check_access_on_class(module, - schema, - msg, - sd, - acl_user_token(module), - sid, - SEC_ADS_CREATE_CHILD, - sclass->possibleInferiors[j]); + const struct dsdb_class *sc; + + sc = dsdb_class_by_lDAPDisplayName(schema, + sclass->possibleInferiors[j]); + if (!sc) { + /* We don't know this class? what is going on? */ + continue; + } + + ret = acl_check_access_on_objectclass(module, ac, + sd, sid, + SEC_ADS_CREATE_CHILD, + sc); if (ret == LDB_SUCCESS) { ldb_msg_add_string(msg, "allowedChildClassesEffective", sclass->possibleInferiors[j]); |