From 566d13c5d11ae832285c09f74d25ffdcf0397735 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sat, 5 Jun 2010 20:19:31 +0200 Subject: s4:acl LDB module - adaption for "objectclass_attrs" module Since the attribute schema checking code moved back we need to give here the "LDB_ERR_NO_SUCH_ATTRIBUTE" error. --- source4/dsdb/samdb/ldb_modules/acl.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 1b84e8a02f..46644daeb3 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -736,15 +736,25 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) attr = dsdb_attribute_by_lDAPDisplayName(schema, req->op.mod.message->elements[i].name); } + + /* This basic attribute existence check with the right errorcode + * is needed since this module is the first one which requests + * schema attribute informations. + * The complete attribute checking is done in the + * "objectclass_attrs" module behind this one. + */ + if (!attr) { + ldb_asprintf_errstring(ldb, "acl_modify: attribute '%s' on entry '%s' was not found in the schema!", + req->op.mod.message->elements[i].name, + ldb_dn_get_linearized(req->op.mod.message->dn)); + talloc_free(tmp_ctx); + return LDB_ERR_NO_SUCH_ATTRIBUTE; + } + if (strcmp("nTSecurityDescriptor", req->op.mod.message->elements[i].name) == 0) { modify_sd = true; } else { - if (!attr) { - DEBUG(10, ("acl_modify: cannot find attribute %s\n", - req->op.mod.message->elements[i].name)); - goto fail; - } if (!insert_in_object_tree(tmp_ctx, &attr->attributeSecurityGUID, SEC_ADS_WRITE_PROP, &new_node, &new_node)) { -- cgit