mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only user
Reduce the number of not to be shared functions in "schema.c".
This commit is contained in:
parent
4eb0d42291
commit
ba96b2491e
@ -287,6 +287,52 @@ static int acl_childClasses(struct ldb_module *module,
|
||||
return LDB_SUCCESS;
|
||||
}
|
||||
|
||||
static int acl_check_access_on_class(struct ldb_module *module,
|
||||
const struct dsdb_schema *schema,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct security_descriptor *sd,
|
||||
struct security_token *token,
|
||||
struct dom_sid *rp_sid,
|
||||
uint32_t access_mask,
|
||||
const char *class_name)
|
||||
{
|
||||
int ret;
|
||||
NTSTATUS status;
|
||||
uint32_t access_granted;
|
||||
struct object_tree *root = NULL;
|
||||
struct object_tree *new_node = NULL;
|
||||
const struct GUID *guid;
|
||||
|
||||
if (class_name != NULL) {
|
||||
guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
|
||||
if (!guid) {
|
||||
DEBUG(10, ("acl_search: cannot find class %s\n",
|
||||
class_name));
|
||||
goto fail;
|
||||
}
|
||||
if (!insert_in_object_tree(mem_ctx,
|
||||
guid, access_mask,
|
||||
&root, &new_node)) {
|
||||
DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
status = sec_access_check_ds(sd, token,
|
||||
access_mask,
|
||||
&access_granted,
|
||||
root,
|
||||
rp_sid);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
|
||||
} else {
|
||||
ret = LDB_SUCCESS;
|
||||
}
|
||||
return ret;
|
||||
fail:
|
||||
return ldb_operr(ldb_module_get_ctx(module));
|
||||
}
|
||||
|
||||
static int acl_childClassesEffective(struct ldb_module *module,
|
||||
const struct dsdb_schema *schema,
|
||||
struct ldb_message *sd_msg,
|
||||
@ -339,6 +385,7 @@ static int acl_childClassesEffective(struct ldb_module *module,
|
||||
schema,
|
||||
msg,
|
||||
sd,
|
||||
acl_user_token(module),
|
||||
sid,
|
||||
SEC_ADS_CREATE_CHILD,
|
||||
sclass->possibleInferiors[j]);
|
||||
|
@ -73,52 +73,6 @@ const struct dsdb_class *get_last_structural_class(const struct dsdb_schema *sch
|
||||
return last_class;
|
||||
}
|
||||
|
||||
int acl_check_access_on_class(struct ldb_module *module,
|
||||
const struct dsdb_schema *schema,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct security_descriptor *sd,
|
||||
struct dom_sid *rp_sid,
|
||||
uint32_t access_mask,
|
||||
const char *class_name)
|
||||
{
|
||||
int ret;
|
||||
NTSTATUS status;
|
||||
uint32_t access_granted;
|
||||
struct object_tree *root = NULL;
|
||||
struct object_tree *new_node = NULL;
|
||||
const struct GUID *guid;
|
||||
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
|
||||
struct security_token *token = acl_user_token(module);
|
||||
if (class_name) {
|
||||
guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
|
||||
if (!guid) {
|
||||
DEBUG(10, ("acl_search: cannot find class %s\n",
|
||||
class_name));
|
||||
goto fail;
|
||||
}
|
||||
if (!insert_in_object_tree(tmp_ctx,
|
||||
guid, access_mask,
|
||||
&root, &new_node)) {
|
||||
DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
status = sec_access_check_ds(sd, token,
|
||||
access_mask,
|
||||
&access_granted,
|
||||
root,
|
||||
rp_sid);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
|
||||
}
|
||||
else {
|
||||
ret = LDB_SUCCESS;
|
||||
}
|
||||
return ret;
|
||||
fail:
|
||||
return ldb_operr(ldb_module_get_ctx(module));
|
||||
}
|
||||
|
||||
const struct GUID *get_oc_guid_from_message(struct ldb_module *module,
|
||||
const struct dsdb_schema *schema,
|
||||
struct ldb_message *msg)
|
||||
|
Loading…
Reference in New Issue
Block a user