-rw-r--r-- | source4/dsdb/samdb/ldb_modules/kludge_acl.c | 64 | ||||
-rw-r--r-- | source4/dsdb/schema/schema.h | 3 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_init.c | 13 |
3 files changed, 41 insertions, 39 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index e418031271..bc30fbc36d 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -93,8 +93,9 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
 struct ldb_message_element *oc_el;
 struct ldb_message_element *allowedAttributes;
 const struct dsdb_schema *schema = dsdb_get_schema(ldb);
- const struct dsdb_class *class;
- int i, j, ret;
+ TALLOC_CTX *mem_ctx;
+ char **objectclass_list, **attr_list;
+ int i, ret;
 /* If we don't have a schema yet, we can't do anything... */
 if (schema == NULL) {
@@ -108,48 +109,39 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess return ret; } + mem_ctx = talloc_new(msg); + if (!mem_ctx) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* To ensure that oc_el is valid, we must look for it after we alter the element array in ldb_msg_add_empty() */ oc_el = ldb_msg_find_element(msg, "objectClass"); + + objectclass_list = talloc_array(mem_ctx, char *, oc_el->num_values + 1); + if (!objectclass_list) { + ldb_oom(ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } for (i=0; oc_el && i < oc_el->num_values; i++) { - class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data); - if (!class) { - /* We don't know this class? what is going on? */ - continue; - } - - for (j=0; class->mayContain && class->mayContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->mayContain[j]); - } - for (j=0; class->mustContain && class->mustContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->mustContain[j]); - } - for (j=0; class->systemMayContain && class->systemMayContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->systemMayContain[j]); - } - for (j=0; class->systemMustContain && class->systemMustContain[j]; j++) { - ldb_msg_add_string(msg, attrName, class->systemMustContain[j]); - } + objectclass_list[i] = (char *)oc_el->values[i].data; } - - if (allowedAttributes->num_values > 1) { - qsort(allowedAttributes->values, - allowedAttributes->num_values, - sizeof(*allowedAttributes->values), - (comparison_fn_t)data_blob_cmp); - - for (i=1 ; i < allowedAttributes->num_values; i++) { - struct ldb_val *val1 = &allowedAttributes->values[i-1]; - struct ldb_val *val2 = &allowedAttributes->values[i]; - if (data_blob_cmp(val1, val2) == 0) { - memmove(val1, val2, (allowedAttributes->num_values - i) * sizeof( struct ldb_val)); - allowedAttributes->num_values--; - i--; - } - } + objectclass_list[i] = NULL; + + attr_list = dsdb_full_attribute_list(mem_ctx, 
schema, (const char **)objectclass_list, DSDB_SCHEMA_ALL);
+ if (!attr_list) {
+ ldb_asprintf_errstring(ldb, "kludge_acl: Failed to get list of attributes create %s attribute", attrName);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
 }
+ for (i=0; attr_list && attr_list[i]; i++) {
+ ldb_msg_add_string(msg, attrName, attr_list[i]);
+ }
+ talloc_free(mem_ctx);
 return 0;
 }
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 66cc867a19..a4e455ae33 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -164,7 +164,8 @@ enum dsdb_attr_list_query {
 DSDB_SCHEMA_SYS_MAY,
 DSDB_SCHEMA_SYS_MUST,
 DSDB_SCHEMA_MAY,
- DSDB_SCHEMA_MUST
+ DSDB_SCHEMA_MUST,
+ DSDB_SCHEMA_ALL
 };
 #include "dsdb/schema/proto.h"
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 3a6a8f5553..71d952b944 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -1404,7 +1404,8 @@ static char **merge_attr_list(TALLOC_CTX *mem_ctx,
 return ret_attrs;
 }
-char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema *schema,
+char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx,
+ const struct dsdb_schema *schema,
 const char **class_list,
 enum dsdb_attr_list_query query)
 {
@@ -1443,6 +1444,13 @@ char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema
 case DSDB_SCHEMA_MUST:
 attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain);
 break;
+
+ case DSDB_SCHEMA_ALL:
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain);
+ break;
 }
 recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema,
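Review bot: In kludge_acl_allowedAttributes (kludge_acl.c), the added `talloc_array(mem_ctx, char *, oc_el->num_values + 1)` reads `oc_el->num_values` before anything tests `oc_el`, although the loop just below still guards with `oc_el &&`. If `ldb_msg_find_element(msg, "objectClass")` returns NULL, that is a NULL dereference; a guard placed before the allocation, `if (!oc_el) { talloc_free(mem_ctx); return 0; }`, would keep the previous outcome of leaving the attribute empty. The new `if (!attr_list)` branch also turns a NULL list into LDB_ERR_OPERATIONS_ERROR, where the removed code skipped unknown classes with `continue`; whether dsdb_full_attribute_list can return NULL for a valid but empty result cannot be seen from this hunk and should be confirmed. The function begins outside the hunk.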
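Review bot: The new `case DSDB_SCHEMA_ALL:` in dsdb_full_attribute_list_internal (schema_init.c) has no comment saying what a caller may assume about the merged list, and the kludge_acl.c change in this commit deletes its own qsort-and-deduplicate pass. allowedAttributes therefore depends on merge_attr_list() removing duplicates across the four lists, which cannot be confirmed here because its body is outside the hunk. I would add above the case `/* union of may/must and system may/must; duplicates are expected to be dropped by merge_attr_list() */` and verify that this holds. The function starts and ends outside the hunk.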
@@ -1461,7 +1469,8 @@ char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema
 return attr_list;
 }
-char **dsdb_full_attribute_list(TALLOC_CTX *mem_ctx, struct dsdb_schema *schema,
+char **dsdb_full_attribute_list(TALLOC_CTX *mem_ctx,
+ const struct dsdb_schema *schema,
 const char **class_list,
 enum dsdb_attr_list_query query)
 { |