-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c64
-rw-r--r--source4/dsdb/schema/schema.h3
-rw-r--r--source4/dsdb/schema/schema_init.c13
3 files changed, 41 insertions, 39 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index e418031271..bc30fbc36d 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -93,8 +93,9 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
struct ldb_message_element *oc_el;
struct ldb_message_element *allowedAttributes;
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
- const struct dsdb_class *class;
- int i, j, ret;
+ TALLOC_CTX *mem_ctx;
+ char **objectclass_list, **attr_list;
+ int i, ret;
/* If we don't have a schema yet, we can't do anything... */
if (schema == NULL) {
@@ -108,48 +109,39 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
return ret;
}
+ mem_ctx = talloc_new(msg);
+ if (!mem_ctx) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
/* To ensure that oc_el is valid, we must look for it after
we alter the element array in ldb_msg_add_empty() */
oc_el = ldb_msg_find_element(msg, "objectClass");
+
+ objectclass_list = talloc_array(mem_ctx, char *, oc_el->num_values + 1);
+ if (!objectclass_list) {
+ ldb_oom(ldb);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
for (i=0; oc_el && i < oc_el->num_values; i++) {
- class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
- if (!class) {
- /* We don't know this class? what is going on? */
- continue;
- }
-
- for (j=0; class->mayContain && class->mayContain[j]; j++) {
- ldb_msg_add_string(msg, attrName, class->mayContain[j]);
- }
- for (j=0; class->mustContain && class->mustContain[j]; j++) {
- ldb_msg_add_string(msg, attrName, class->mustContain[j]);
- }
- for (j=0; class->systemMayContain && class->systemMayContain[j]; j++) {
- ldb_msg_add_string(msg, attrName, class->systemMayContain[j]);
- }
- for (j=0; class->systemMustContain && class->systemMustContain[j]; j++) {
- ldb_msg_add_string(msg, attrName, class->systemMustContain[j]);
- }
+ objectclass_list[i] = (char *)oc_el->values[i].data;
}
-
- if (allowedAttributes->num_values > 1) {
- qsort(allowedAttributes->values,
- allowedAttributes->num_values,
- sizeof(*allowedAttributes->values),
- (comparison_fn_t)data_blob_cmp);
-
- for (i=1 ; i < allowedAttributes->num_values; i++) {
- struct ldb_val *val1 = &allowedAttributes->values[i-1];
- struct ldb_val *val2 = &allowedAttributes->values[i];
- if (data_blob_cmp(val1, val2) == 0) {
- memmove(val1, val2, (allowedAttributes->num_values - i) * sizeof( struct ldb_val));
- allowedAttributes->num_values--;
- i--;
- }
- }
+ objectclass_list[i] = NULL;
+
+ attr_list = dsdb_full_attribute_list(mem_ctx, schema, (const char **)objectclass_list, DSDB_SCHEMA_ALL);
+ if (!attr_list) {
+ ldb_asprintf_errstring(ldb, "kludge_acl: Failed to get list of attributes create %s attribute", attrName);
+ talloc_free(mem_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
}
+ for (i=0; attr_list && attr_list[i]; i++) {
+ ldb_msg_add_string(msg, attrName, attr_list[i]);
+ }
+ talloc_free(mem_ctx);
return 0;
}
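Review bot: The new `talloc_array(mem_ctx, char *, oc_el->num_values + 1)` dereferences `oc_el` before anything checks it, while the loop right below still guards with `oc_el &&`. If `ldb_msg_find_element(msg, "objectClass")` returns NULL for a message without that attribute, this is a NULL dereference where the old code simply skipped the loop and returned 0. A guard ahead of the allocation would restore that behaviour: `if (oc_el == NULL) { talloc_free(mem_ctx); return 0; }`. Separately, the `attr_list` entries are passed to `ldb_msg_add_string` and `mem_ctx` is freed straight afterwards; if that call stores the pointer rather than copying it and `dsdb_full_attribute_list` allocates the strings under `mem_ctx` (neither is visible here), `msg` would be left pointing at freed memory, so the ownership is worth confirming. The function begins above this hunk.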
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 66cc867a19..a4e455ae33 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -164,7 +164,8 @@ enum dsdb_attr_list_query {
DSDB_SCHEMA_SYS_MAY,
DSDB_SCHEMA_SYS_MUST,
DSDB_SCHEMA_MAY,
- DSDB_SCHEMA_MUST
+ DSDB_SCHEMA_MUST,
+ DSDB_SCHEMA_ALL
};
#include "dsdb/schema/proto.h"
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 3a6a8f5553..71d952b944 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -1404,7 +1404,8 @@ static char **merge_attr_list(TALLOC_CTX *mem_ctx,
return ret_attrs;
}
-char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema *schema,
+char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx,
+ const struct dsdb_schema *schema,
const char **class_list,
enum dsdb_attr_list_query query)
{
@@ -1443,6 +1444,13 @@ char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema
case DSDB_SCHEMA_MUST:
attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain);
break;
+
+ case DSDB_SCHEMA_ALL:
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->mayContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMayContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->mustContain);
+ attr_list = merge_attr_list(mem_ctx, attr_list, class->systemMustContain);
+ break;
}
recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema,
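Review bot: The four chained `merge_attr_list` calls in the new `DSDB_SCHEMA_ALL` case overwrite `attr_list` each time without looking at the intermediate result. The body of `merge_attr_list` is not visible in this hunk, but if it returns NULL on allocation failure, the next call would presumably start from an empty list and the caller would get a silently truncated attribute set instead of an error. The existing single-call cases share the pattern, but with four merges in a row the window is wider. Consider checking after each merge, or at least adding a comment such as `/* merge_attr_list() tolerates a NULL list and NULL input; OOM is detected by the caller */` if that is the actual contract. The enclosing function starts and ends outside this hunk.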
@@ -1461,7 +1469,8 @@ char **dsdb_full_attribute_list_internal(TALLOC_CTX *mem_ctx, struct dsdb_schema
return attr_list;
}
-char **dsdb_full_attribute_list(TALLOC_CTX *mem_ctx, struct dsdb_schema *schema,
+char **dsdb_full_attribute_list(TALLOC_CTX *mem_ctx,
+ const struct dsdb_schema *schema,
const char **class_list,
enum dsdb_attr_list_query query)
{