From: Matthias Dieter Wallnöfer Date: Wed, 4 Apr 2012 10:29:58 +0000 (+0200) Subject: s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only... X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=ba96b2491e106dd9035d3b3b1f95cb81412e0847;p=obnox%2Fsamba%2Fsamba-obnox.git s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only user Reduce the number of not to be shared functions in "schema.c". --- diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index d898d7e3483..6971fbf4ee0 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -287,6 +287,52 @@ static int acl_childClasses(struct ldb_module *module, return LDB_SUCCESS; } +static int acl_check_access_on_class(struct ldb_module *module, + const struct dsdb_schema *schema, + TALLOC_CTX *mem_ctx, + struct security_descriptor *sd, + struct security_token *token, + struct dom_sid *rp_sid, + uint32_t access_mask, + const char *class_name) +{ + int ret; + NTSTATUS status; + uint32_t access_granted; + struct object_tree *root = NULL; + struct object_tree *new_node = NULL; + const struct GUID *guid; + + if (class_name != NULL) { + guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name); + if (!guid) { + DEBUG(10, ("acl_search: cannot find class %s\n", + class_name)); + goto fail; + } + if (!insert_in_object_tree(mem_ctx, + guid, access_mask, + &root, &new_node)) { + DEBUG(10, ("acl_search: cannot add to object tree guid\n")); + goto fail; + } + } + + status = sec_access_check_ds(sd, token, + access_mask, + &access_granted, + root, + rp_sid); + if (!NT_STATUS_IS_OK(status)) { + ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; + } else { + ret = LDB_SUCCESS; + } + return ret; +fail: + return ldb_operr(ldb_module_get_ctx(module)); +} + static int acl_childClassesEffective(struct ldb_module *module, const struct dsdb_schema *schema, struct ldb_message *sd_msg, @@ -339,6 +385,7 @@ static int acl_childClassesEffective(struct ldb_module *module, schema, msg, sd, + acl_user_token(module), sid, SEC_ADS_CREATE_CHILD, sclass->possibleInferiors[j]); diff --git a/source4/dsdb/samdb/ldb_modules/schema.c b/source4/dsdb/samdb/ldb_modules/schema.c index f483fd386e3..d24d388d25b 100644 --- a/source4/dsdb/samdb/ldb_modules/schema.c +++ b/source4/dsdb/samdb/ldb_modules/schema.c @@ -73,52 +73,6 @@ const struct dsdb_class *get_last_structural_class(const struct dsdb_schema *sch return last_class; } -int acl_check_access_on_class(struct ldb_module *module, - const struct dsdb_schema *schema, - TALLOC_CTX *mem_ctx, - struct security_descriptor *sd, - struct dom_sid *rp_sid, - uint32_t access_mask, - const char *class_name) -{ - int ret; - NTSTATUS status; - uint32_t access_granted; - struct object_tree *root = NULL; - struct object_tree *new_node = NULL; - const struct GUID *guid; - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - struct security_token *token = acl_user_token(module); - if (class_name) { - guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name); - if (!guid) { - DEBUG(10, ("acl_search: cannot find class %s\n", - class_name)); - goto fail; - } - if (!insert_in_object_tree(tmp_ctx, - guid, access_mask, - &root, &new_node)) { - DEBUG(10, ("acl_search: cannot add to object tree guid\n")); - goto fail; - } - } - status = sec_access_check_ds(sd, token, - access_mask, - &access_granted, - root, - rp_sid); - if (!NT_STATUS_IS_OK(status)) { - ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; - } - else { - ret = LDB_SUCCESS; - } - return ret; -fail: - return ldb_operr(ldb_module_get_ctx(module)); -} - const struct GUID *get_oc_guid_from_message(struct ldb_module *module, const struct dsdb_schema *schema, struct ldb_message *msg)