sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code

dsdb-acl: introduce a 'el' helper variable to acl_modify()

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2013-01-18 09:17:25 +01:00
parent 71b856a3f0
commit ddfb8fe89c
1 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
source4/dsdb/samdb/ldb_modules/acl.c
View File

@ -1069,11 +1069,13 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
}
sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
for (i=0; i < msg->num_elements; i++) {
const struct ldb_message_element *el = &msg->elements[i];
const struct dsdb_attribute *attr;
attr = dsdb_attribute_by_lDAPDisplayName(schema,
msg->elements[i].name);
if (ldb_attr_cmp("nTSecurityDescriptor", msg->elements[i].name) == 0) {
attr = dsdb_attribute_by_lDAPDisplayName(schema,
el->name);
if (ldb_attr_cmp("nTSecurityDescriptor", el->name) == 0) {
uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
uint32_t access_mask = 0;
@ -1105,8 +1107,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
goto fail;
}
}
else if (ldb_attr_cmp("member", msg->elements[i].name) == 0) {
} else if (ldb_attr_cmp("member", el->name) == 0) {
ret = acl_check_self_membership(tmp_ctx,
module,
req,
@ -1117,15 +1118,13 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
if (ret != LDB_SUCCESS) {
goto fail;
}
}
else if (ldb_attr_cmp("dBCSPwd", msg->elements[i].name) == 0) {
} else if (ldb_attr_cmp("dBCSPwd", el->name) == 0) {
/* this one is not affected by any rights, we should let it through
so that passwords_hash returns the correct error */
continue;
}
else if (ldb_attr_cmp("unicodePwd", msg->elements[i].name) == 0 ||
(userPassword && ldb_attr_cmp("userPassword", msg->elements[i].name) == 0) ||
ldb_attr_cmp("clearTextPassword", msg->elements[i].name) == 0) {
} else if (ldb_attr_cmp("unicodePwd", el->name) == 0 ||
(userPassword && ldb_attr_cmp("userPassword", el->name) == 0) ||
ldb_attr_cmp("clearTextPassword", el->name) == 0) {
ret = acl_check_password_rights(tmp_ctx,
module,
req,
@ -1136,7 +1135,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
if (ret != LDB_SUCCESS) {
goto fail;
}
} else if (ldb_attr_cmp("servicePrincipalName", msg->elements[i].name) == 0) {
} else if (ldb_attr_cmp("servicePrincipalName", el->name) == 0) {
ret = acl_check_spn(tmp_ctx,
module,
req,
@ -1159,7 +1158,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
*/
if (!attr) {
ldb_asprintf_errstring(ldb, "acl_modify: attribute '%s' on entry '%s' was not found in the schema!",
msg->elements[i].name,
el->name,
ldb_dn_get_linearized(msg->dn));
ret = LDB_ERR_NO_SUCH_ATTRIBUTE;
goto fail;