Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/dsdb_access.c11
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_util.c25
2 files changed, 21 insertions, 15 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index ebbe4f43b1..39e67b7793 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -87,7 +87,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct security_token *token,
struct ldb_dn *dn,
- uint32_t access,
+ uint32_t access_mask,
const struct GUID *guid)
{
struct security_descriptor *sd = NULL;
@@ -108,12 +108,13 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
}
sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
if (guid) {
- if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) {
+ if (!insert_in_object_tree(mem_ctx, guid, access_mask, &root,
+ &new_node)) {
return ldb_operr(ldb);
}
}
status = sec_access_check_ds(sd, token,
- access,
+ access_mask,
&access_granted,
root,
sid);
@@ -137,7 +138,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
struct security_token *token,
- uint32_t access,
+ uint32_t access_mask,
const char *ext_right)
{
int ret;
@@ -163,7 +164,7 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
mem_ctx,
token,
dn,
- access,
+ access_mask,
&guid);
}
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 1a84704079..1fb8b9a475 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -54,7 +54,7 @@ struct security_token *acl_user_token(struct ldb_module *module)
int dsdb_module_check_access_on_dn(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
- uint32_t access,
+ uint32_t access_mask,
const struct GUID *guid)
{
int ret;
@@ -82,14 +82,14 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
mem_ctx,
session_info->security_token,
dn,
- access,
+ access_mask,
guid);
}
int dsdb_module_check_access_on_guid(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct GUID *guid,
- uint32_t access,
+ uint32_t access_mask,
const struct GUID *oc_guid)
{
int ret;
@@ -119,7 +119,7 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module,
mem_ctx,
session_info->security_token,
acl_res->msgs[0]->dn,
- access,
+ access_mask,
oc_guid);
}
@@ -127,7 +127,7 @@ int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
struct dom_sid *rp_sid,
- uint32_t access,
+ uint32_t access_mask,
const struct dsdb_attribute *attr)
{
int ret;
@@ -140,28 +140,33 @@ int acl_check_access_on_attribute(struct ldb_module *module,
if (attr) {
if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx,
- &attr->attributeSecurityGUID, access,
- &root, &new_node)) {
+ &attr->attributeSecurityGUID,
+ access_mask, &root,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail;
}
if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID, access, &new_node, &new_node)) {
+ &attr->schemaIDGUID,
+ access_mask, &new_node,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
else {
if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID, access, &root, &new_node)) {
+ &attr->schemaIDGUID,
+ access_mask, &root,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
}
status = sec_access_check_ds(sd, token,
- access,
+ access_mask,
&access_granted,
root,
rp_sid);