diff options
-rw-r--r-- | libcli/security/access_check.h | 2 | ||||
-rw-r--r-- | source4/dsdb/common/dsdb_access.c | 11 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_util.c | 25 | ||||
-rw-r--r-- | source4/lib/ldb/common/ldb_dn.c | 4 | ||||
-rw-r--r-- | source4/lib/ldb/include/ldb.h | 2 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 2 |
6 files changed, 26 insertions, 20 deletions
diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h index 700f981879..c4923ebc71 100644 --- a/libcli/security/access_check.h +++ b/libcli/security/access_check.h @@ -75,4 +75,4 @@ struct object_tree *get_object_tree_by_GUID(struct object_tree *root, /* Change the granted access per each ACE */ void object_tree_modify_access(struct object_tree *root, - uint32_t access); + uint32_t access_mask); diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index ebbe4f43b1..39e67b7793 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -87,7 +87,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct security_token *token, struct ldb_dn *dn, - uint32_t access, + uint32_t access_mask, const struct GUID *guid) { struct security_descriptor *sd = NULL; @@ -108,12 +108,13 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, } sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid"); if (guid) { - if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) { + if (!insert_in_object_tree(mem_ctx, guid, access_mask, &root, + &new_node)) { return ldb_operr(ldb); } } status = sec_access_check_ds(sd, token, - access, + access_mask, &access_granted, root, sid); @@ -137,7 +138,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct security_token *token, - uint32_t access, + uint32_t access_mask, const char *ext_right) { int ret; @@ -163,7 +164,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, mem_ctx, token, dn, - access, + access_mask, &guid); } diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c index 1a84704079..1fb8b9a475 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_util.c +++ b/source4/dsdb/samdb/ldb_modules/acl_util.c @@ -54,7 +54,7 @@ struct security_token *acl_user_token(struct ldb_module *module) int dsdb_module_check_access_on_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, - uint32_t access, + uint32_t access_mask, const struct GUID *guid) { int ret; @@ -82,14 +82,14 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module, mem_ctx, session_info->security_token, dn, - access, + access_mask, guid); } int dsdb_module_check_access_on_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct GUID *guid, - uint32_t access, + uint32_t access_mask, const struct GUID *oc_guid) { int ret; @@ -119,7 +119,7 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module, mem_ctx, session_info->security_token, acl_res->msgs[0]->dn, - access, + access_mask, oc_guid); } @@ -127,7 +127,7 @@ int acl_check_access_on_attribute(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct security_descriptor *sd, struct dom_sid *rp_sid, - uint32_t access, + uint32_t access_mask, const struct dsdb_attribute *attr) { int ret; @@ -140,28 +140,33 @@ int acl_check_access_on_attribute(struct ldb_module *module, if (attr) { if (!GUID_all_zero(&attr->attributeSecurityGUID)) { if (!insert_in_object_tree(tmp_ctx, - &attr->attributeSecurityGUID, access, - &root, &new_node)) { + &attr->attributeSecurityGUID, + access_mask, &root, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n")); goto fail; } if (!insert_in_object_tree(tmp_ctx, - &attr->schemaIDGUID, access, &new_node, &new_node)) { + &attr->schemaIDGUID, + access_mask, &new_node, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n")); goto fail; } } else { if (!insert_in_object_tree(tmp_ctx, - &attr->schemaIDGUID, access, &root, &new_node)) { + &attr->schemaIDGUID, + access_mask, &root, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n")); goto fail; } } } status = sec_access_check_ds(sd, token, - access, + access_mask, &access_granted, root, rp_sid); diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index 9bf8658462..1b714c9427 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -887,11 +887,11 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int /* filter out all but an acceptable list of extended DN components */ -void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept) +void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list) { unsigned int i; for (i=0; i<dn->ext_comp_num; i++) { - if (!ldb_attr_in_list(accept, dn->ext_components[i].name)) { + if (!ldb_attr_in_list(accept_list, dn->ext_components[i].name)) { memmove(&dn->ext_components[i], &dn->ext_components[i+1], (dn->ext_comp_num-(i+1))*sizeof(dn->ext_components[0])); diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 1deed84550..0c3196a286 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -1692,7 +1692,7 @@ char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn); char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode); const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn, const char *name); int ldb_dn_set_extended_component(struct ldb_dn *dn, const char *name, const struct ldb_val *val); -void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept); +void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list); void ldb_dn_remove_extended_components(struct ldb_dn *dn); bool ldb_dn_has_extended(struct ldb_dn *dn); diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index a3c8846376..0854f25284 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -4051,7 +4051,7 @@ static NTSTATUS make_ft_info(TALLOC_CTX *mem_ctx, } static NTSTATUS add_collision(struct lsa_ForestTrustCollisionInfo *c_info, - uint32_t index, uint32_t collision_type, + uint32_t idx, uint32_t collision_type, uint32_t conflict_type, const char *tdo_name); static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx, |