diff options
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/common/dsdb_access.c | 11 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_util.c | 25 |
2 files changed, 21 insertions, 15 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index ebbe4f43b1..39e67b7793 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -87,7 +87,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct security_token *token, struct ldb_dn *dn, - uint32_t access, + uint32_t access_mask, const struct GUID *guid) { struct security_descriptor *sd = NULL; @@ -108,12 +108,13 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, } sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid"); if (guid) { - if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) { + if (!insert_in_object_tree(mem_ctx, guid, access_mask, &root, + &new_node)) { return ldb_operr(ldb); } } status = sec_access_check_ds(sd, token, - access, + access_mask, &access_granted, root, sid); @@ -137,7 +138,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct security_token *token, - uint32_t access, + uint32_t access_mask, const char *ext_right) { int ret; @@ -163,7 +164,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, mem_ctx, token, dn, - access, + access_mask, &guid); } diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c index 1a84704079..1fb8b9a475 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_util.c +++ b/source4/dsdb/samdb/ldb_modules/acl_util.c @@ -54,7 +54,7 @@ struct security_token *acl_user_token(struct ldb_module *module) int dsdb_module_check_access_on_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, - uint32_t access, + uint32_t access_mask, const struct GUID *guid) { int ret; @@ -82,14 +82,14 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module, mem_ctx, session_info->security_token, dn, - access, + access_mask, guid); } int dsdb_module_check_access_on_guid(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct GUID *guid, - uint32_t access, + uint32_t access_mask, const struct GUID *oc_guid) { int ret; @@ -119,7 +119,7 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module, mem_ctx, session_info->security_token, acl_res->msgs[0]->dn, - access, + access_mask, oc_guid); } @@ -127,7 +127,7 @@ int acl_check_access_on_attribute(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct security_descriptor *sd, struct dom_sid *rp_sid, - uint32_t access, + uint32_t access_mask, const struct dsdb_attribute *attr) { int ret; @@ -140,28 +140,33 @@ int acl_check_access_on_attribute(struct ldb_module *module, if (attr) { if (!GUID_all_zero(&attr->attributeSecurityGUID)) { if (!insert_in_object_tree(tmp_ctx, - &attr->attributeSecurityGUID, access, - &root, &new_node)) { + &attr->attributeSecurityGUID, + access_mask, &root, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n")); goto fail; } if (!insert_in_object_tree(tmp_ctx, - &attr->schemaIDGUID, access, &new_node, &new_node)) { + &attr->schemaIDGUID, + access_mask, &new_node, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n")); goto fail; } } else { if (!insert_in_object_tree(tmp_ctx, - &attr->schemaIDGUID, access, &root, &new_node)) { + &attr->schemaIDGUID, + access_mask, &root, + &new_node)) { DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n")); goto fail; } } } status = sec_access_check_ds(sd, token, - access, + access_mask, &access_granted, root, rp_sid); |