s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()

source4/dsdb/common/dsdb_access.c

@@ -33,6 +33,7 @@
 #include "libcli/ldap/ldap_ndr.h"
 #include "param/param.h"
 #include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
 
 void dsdb_acl_debug(struct security_descriptor *sd,
 		      struct security_token *token,
@@ -78,32 +79,6 @@ int dsdb_get_sd_from_ldb_message(TALLOC_CTX *mem_ctx,
 	return LDB_SUCCESS;
 }
 
-int dsdb_get_dom_sid_from_ldb_message(TALLOC_CTX *mem_ctx,
-				 struct ldb_message *acl_res,
-				 struct dom_sid **sid)
-{
-	struct ldb_message_element *sid_element;
-	enum ndr_err_code ndr_err;
-
-	sid_element = ldb_msg_find_element(acl_res, "objectSid");
-	if (!sid_element) {
-		*sid = NULL;
-		return LDB_SUCCESS;
-	}
-	*sid = talloc(mem_ctx, struct dom_sid);
-	if(!*sid) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-	ndr_err = ndr_pull_struct_blob(&sid_element->values[0], *sid, NULL, *sid,
-				       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
-	return LDB_SUCCESS;
-}
-
 int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res,
 				     TALLOC_CTX *mem_ctx,
 				     struct security_token *token,
@@ -127,11 +102,7 @@ int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res,
 	if (!sd) {
 		return LDB_SUCCESS;
 	}
-	ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, acl_res->msgs[0], &sid);
-	if (ret != LDB_SUCCESS) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
+	sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
 	if (guid) {
 		if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) {
 			return LDB_ERR_OPERATIONS_ERROR;

source4/dsdb/samdb/ldb_modules/acl.c

@@ -374,11 +374,8 @@ static int acl_allowedAttributes(struct ldb_module *module,
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
-		ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, sd_msg, &sid);
 
-		if (ret != LDB_SUCCESS) {
-			return ret;
-		}
+		sid = samdb_result_dom_sid(mem_ctx, sd_msg, "objectSid");
 		for (i=0; attr_list && attr_list[i]; i++) {
 			const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
 											attr_list[i]);
@@ -495,11 +492,8 @@ static int acl_childClassesEffective(struct ldb_module *module,
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
-	ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
 
-	if (ret != LDB_SUCCESS) {
-		return ret;
-	}
+	sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
 	for (i=0; oc_el && i < oc_el->num_values; i++) {
 		sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
 		if (!sclass) {
@@ -573,11 +567,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
 		if (ret != LDB_SUCCESS) {
 			return ret;
 		}
-		ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
-
-		if (ret != LDB_SUCCESS) {
-			return ret;
-		}
+		sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
 		ret = acl_check_access_on_attribute(module,
 						    msg,
 						    sd,
@@ -729,12 +719,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
 		DEBUG(10, ("acl_modify: cannot get guid\n"));
 		goto fail;
 	}
-
-	ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
-	if (ret != LDB_SUCCESS) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
+	sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
 	if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
 				   &root, &new_node)) {
 		DEBUG(10, ("acl_modify: cannot add to object tree\n"));
@@ -951,11 +936,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	if (!sd) {
 		return LDB_SUCCESS;
 	}
-	ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
-	if (ret != LDB_SUCCESS) {
-		return LDB_ERR_OPERATIONS_ERROR;
-	}
-
+	sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
 	status = sec_access_check_ds(sd, acl_user_token(module),
 				     SEC_ADS_WRITE_PROP,
 				     &access_granted,