1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only user

Reduce the number of not to be shared functions in "schema.c".
This commit is contained in:
Matthias Dieter Wallnöfer 2012-04-04 12:29:58 +02:00 committed by Andrew Bartlett
parent 4eb0d42291
commit ba96b2491e
2 changed files with 47 additions and 46 deletions

View File

@ -287,6 +287,52 @@ static int acl_childClasses(struct ldb_module *module,
return LDB_SUCCESS;
}
static int acl_check_access_on_class(struct ldb_module *module,
const struct dsdb_schema *schema,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
struct security_token *token,
struct dom_sid *rp_sid,
uint32_t access_mask,
const char *class_name)
{
int ret;
NTSTATUS status;
uint32_t access_granted;
struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
const struct GUID *guid;
if (class_name != NULL) {
guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
if (!guid) {
DEBUG(10, ("acl_search: cannot find class %s\n",
class_name));
goto fail;
}
if (!insert_in_object_tree(mem_ctx,
guid, access_mask,
&root, &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
goto fail;
}
}
status = sec_access_check_ds(sd, token,
access_mask,
&access_granted,
root,
rp_sid);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
} else {
ret = LDB_SUCCESS;
}
return ret;
fail:
return ldb_operr(ldb_module_get_ctx(module));
}
static int acl_childClassesEffective(struct ldb_module *module,
const struct dsdb_schema *schema,
struct ldb_message *sd_msg,
@ -339,6 +385,7 @@ static int acl_childClassesEffective(struct ldb_module *module,
schema,
msg,
sd,
acl_user_token(module),
sid,
SEC_ADS_CREATE_CHILD,
sclass->possibleInferiors[j]);

View File

@ -73,52 +73,6 @@ const struct dsdb_class *get_last_structural_class(const struct dsdb_schema *sch
return last_class;
}
int acl_check_access_on_class(struct ldb_module *module,
const struct dsdb_schema *schema,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
struct dom_sid *rp_sid,
uint32_t access_mask,
const char *class_name)
{
int ret;
NTSTATUS status;
uint32_t access_granted;
struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
const struct GUID *guid;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module);
if (class_name) {
guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
if (!guid) {
DEBUG(10, ("acl_search: cannot find class %s\n",
class_name));
goto fail;
}
if (!insert_in_object_tree(tmp_ctx,
guid, access_mask,
&root, &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
goto fail;
}
}
status = sec_access_check_ds(sd, token,
access_mask,
&access_granted,
root,
rp_sid);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
else {
ret = LDB_SUCCESS;
}
return ret;
fail:
return ldb_operr(ldb_module_get_ctx(module));
}
const struct GUID *get_oc_guid_from_message(struct ldb_module *module,
const struct dsdb_schema *schema,
struct ldb_message *msg)