summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/common/dsdb_access.c33
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c29
2 files changed, 7 insertions, 55 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 40233f9379..7857e1fa25 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -33,6 +33,7 @@
#include "libcli/ldap/ldap_ndr.h"
#include "param/param.h"
#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
void dsdb_acl_debug(struct security_descriptor *sd,
struct security_token *token,
@@ -78,32 +79,6 @@ int dsdb_get_sd_from_ldb_message(TALLOC_CTX *mem_ctx,
return LDB_SUCCESS;
}
-int dsdb_get_dom_sid_from_ldb_message(TALLOC_CTX *mem_ctx,
- struct ldb_message *acl_res,
- struct dom_sid **sid)
-{
- struct ldb_message_element *sid_element;
- enum ndr_err_code ndr_err;
-
- sid_element = ldb_msg_find_element(acl_res, "objectSid");
- if (!sid_element) {
- *sid = NULL;
- return LDB_SUCCESS;
- }
- *sid = talloc(mem_ctx, struct dom_sid);
- if(!*sid) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ndr_err = ndr_pull_struct_blob(&sid_element->values[0], *sid, NULL, *sid,
- (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- return LDB_SUCCESS;
-}
-
int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res,
TALLOC_CTX *mem_ctx,
struct security_token *token,
@@ -127,11 +102,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res,
if (!sd) {
return LDB_SUCCESS;
}
- ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
if (guid) {
if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) {
return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 5679e11359..35b5663745 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -374,11 +374,8 @@ static int acl_allowedAttributes(struct ldb_module *module,
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, sd_msg, &sid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(mem_ctx, sd_msg, "objectSid");
for (i=0; attr_list && attr_list[i]; i++) {
const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
attr_list[i]);
@@ -495,11 +492,8 @@ static int acl_childClassesEffective(struct ldb_module *module,
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
for (i=0; oc_el && i < oc_el->num_values; i++) {
sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
if (!sclass) {
@@ -573,11 +567,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
ret = acl_check_access_on_attribute(module,
msg,
sd,
@@ -729,12 +719,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
DEBUG(10, ("acl_modify: cannot get guid\n"));
goto fail;
}
-
- ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
&root, &new_node)) {
DEBUG(10, ("acl_modify: cannot add to object tree\n"));
@@ -951,11 +936,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
if (!sd) {
return LDB_SUCCESS;
}
- ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
status = sec_access_check_ds(sd, acl_user_token(module),
SEC_ADS_WRITE_PROP,
&access_granted,