s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only...
authorMatthias Dieter Wallnöfer <mdw@samba.org>
Wed, 4 Apr 2012 10:29:58 +0000 (12:29 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 11 Apr 2012 02:50:16 +0000 (12:50 +1000)
Reduce the number of functions in "schema.c" that are not meant to be shared.

source4/dsdb/samdb/ldb_modules/acl.c
source4/dsdb/samdb/ldb_modules/schema.c

index d898d7e3483b57d01d42cf1d9e5b3d42c81ea144..6971fbf4ee027a0fbf6b11c88d49470a93d260f8 100644 (file)
@@ -287,6 +287,52 @@ static int acl_childClasses(struct ldb_module *module,
        return LDB_SUCCESS;
 }
 
+static int acl_check_access_on_class(struct ldb_module *module,
+                                    const struct dsdb_schema *schema,
+                                    TALLOC_CTX *mem_ctx,
+                                    struct security_descriptor *sd,
+                                    struct security_token *token,
+                                    struct dom_sid *rp_sid,
+                                    uint32_t access_mask,
+                                    const char *class_name)
+{
+       int ret;
+       NTSTATUS status;
+       uint32_t access_granted;
+       struct object_tree *root = NULL;
+       struct object_tree *new_node = NULL;
+       const struct GUID *guid;
+
+       if (class_name != NULL) {
+               guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
+               if (!guid) {
+                       DEBUG(10, ("acl_search: cannot find class %s\n",
+                                  class_name));
+                       goto fail;
+               }
+               if (!insert_in_object_tree(mem_ctx,
+                                          guid, access_mask,
+                                          &root, &new_node)) {
+                       DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
+                       goto fail;
+               }
+       }
+
+       status = sec_access_check_ds(sd, token,
+                                    access_mask,
+                                    &access_granted,
+                                    root,
+                                    rp_sid);
+       if (!NT_STATUS_IS_OK(status)) {
+               ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+       } else {
+               ret = LDB_SUCCESS;
+       }
+       return ret;
+fail:
+       return ldb_operr(ldb_module_get_ctx(module));
+}
+
 static int acl_childClassesEffective(struct ldb_module *module,
                                     const struct dsdb_schema *schema,
                                     struct ldb_message *sd_msg,
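Review bot: The object tree built by `insert_in_object_tree(mem_ctx, ...)` in the added acl_check_access_on_class is allocated on the caller's context and never released here, so it outlives the access check. The call site in acl_childClassesEffective passes `msg` for that argument, apparently once per possibleInferiors entry, which would leave one tree per class attached to the message. The removed version in schema.c used a `talloc_new(mem_ctx)` child but never freed it either. Consider `TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);` for the tree, with `talloc_free(tmp_ctx);` before both the normal return and the `fail:` return. The two DEBUG lines also still print the prefix `acl_search:`, which points log readers at the wrong function; `acl_check_access_on_class:` would match.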
@@ -339,6 +385,7 @@ static int acl_childClassesEffective(struct ldb_module *module,
                                                        schema,
                                                        msg,
                                                        sd,
+                                                       acl_user_token(module),
                                                        sid,
                                                        SEC_ADS_CREATE_CHILD,
                                                        sclass->possibleInferiors[j]);
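Review bot: The token from `acl_user_token(module)` is passed into the access check at this call without a NULL test, and acl_check_access_on_class hands it to sec_access_check_ds unchecked as well. If acl_user_token can return NULL when no session information is attached to the ldb context (its definition is not in this diff), the check should fail closed before the descriptor is evaluated, for example `if (token == NULL) return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;` at the top of the callee. Fetching the token once before the loop, instead of on every call, would also give that test a single home. The enclosing function and its loop begin and end outside this hunk.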
index f483fd386e3f332b5ef593dbaae6f3f7dbff5323..d24d388d25b5d51d578ddc0c9207a6531c50d2fe 100644 (file)
@@ -73,52 +73,6 @@ const struct dsdb_class *get_last_structural_class(const struct dsdb_schema *sch
        return last_class;
 }
 
-int acl_check_access_on_class(struct ldb_module *module,
-                             const struct dsdb_schema *schema,
-                             TALLOC_CTX *mem_ctx,
-                             struct security_descriptor *sd,
-                             struct dom_sid *rp_sid,
-                             uint32_t access_mask,
-                             const char *class_name)
-{
-       int ret;
-       NTSTATUS status;
-       uint32_t access_granted;
-       struct object_tree *root = NULL;
-       struct object_tree *new_node = NULL;
-       const struct GUID *guid;
-       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-       struct security_token *token = acl_user_token(module);
-       if (class_name) {
-               guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
-               if (!guid) {
-                       DEBUG(10, ("acl_search: cannot find class %s\n",
-                                  class_name));
-                       goto fail;
-               }
-               if (!insert_in_object_tree(tmp_ctx,
-                                          guid, access_mask,
-                                          &root, &new_node)) {
-                       DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
-                       goto fail;
-               }
-       }
-       status = sec_access_check_ds(sd, token,
-                                    access_mask,
-                                    &access_granted,
-                                    root,
-                                    rp_sid);
-       if (!NT_STATUS_IS_OK(status)) {
-               ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
-       }
-       else {
-               ret = LDB_SUCCESS;
-       }
-       return ret;
-fail:
-       return ldb_operr(ldb_module_get_ctx(module));
-}
-
 const struct GUID *get_oc_guid_from_message(struct ldb_module *module,
                                                   const struct dsdb_schema *schema,
                                                   struct ldb_message *msg)