dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()
authorStefan Metzmacher <metze@samba.org>
Wed, 16 Jan 2013 15:35:33 +0000 (16:35 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 21 Jan 2013 15:12:45 +0000 (16:12 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/acl.c

index 638955de97902784304ac328e2433f59c5c9604b..a3f43032be2818d49d062165acb3b71b8cdb94c1 100644 (file)
@@ -434,14 +434,19 @@ static int acl_childClassesEffective(struct ldb_module *module,
                }
 
                for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
-                       ret = acl_check_access_on_class(module,
-                                                       schema,
-                                                       msg,
-                                                       sd,
-                                                       acl_user_token(module),
-                                                       sid,
-                                                       SEC_ADS_CREATE_CHILD,
-                                                       sclass->possibleInferiors[j]);
+                       const struct dsdb_class *sc;
+
+                       sc = dsdb_class_by_lDAPDisplayName(schema,
+                                                          sclass->possibleInferiors[j]);
+                       if (!sc) {
+                               /* We don't know this class?  what is going on? */
+                               continue;
+                       }
+
+                       ret = acl_check_access_on_objectclass(module, ac,
+                                                             sd, sid,
+                                                             SEC_ADS_CREATE_CHILD,
+                                                             sc);
                        if (ret == LDB_SUCCESS) {
                                ldb_msg_add_string(msg, "allowedChildClassesEffective",
                                                   sclass->possibleInferiors[j]);
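Review bot: The new `if (!sc) { ... continue; }` branch drops a possibleInferiors entry that the schema cannot resolve without leaving any trace, and its comment ("what is going on?") does not say that skipping is the intended outcome. Skipping is the safe direction, because an unresolved class is then never added to allowedChildClassesEffective, but a schema inconsistency in an access-control path should be visible in the logs. I would reword the comment to `/* Unknown class: skip it so it is never reported as creatable (fail closed). */` and emit a debug message naming `sclass->possibleInferiors[j]` before the `continue`. Separately, the context lines discard the return value of `ldb_msg_add_string()`, so a failed add (presumably an allocation failure) would silently shorten the advertised list. The loop body and acl_childClassesEffective continue outside the hunk.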