From b54d268e2042f36bc670cf8f4f33cddd957e1d34 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 24 Nov 2012 09:15:24 +0100
Subject: [PATCH] s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes The @KLUDGEACL record might not be uptodate.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Michael Adam
---
 source4/dsdb/samdb/ldb_modules/acl.c | 41 +++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2cc028f5923..4a288f152ff 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -79,9 +79,12 @@ static int acl_module_init(struct ldb_module *module)
 struct ldb_context *ldb;
 struct acl_private *data;
 int ret;
- unsigned int i;
+ unsigned int i, n, j;
 TALLOC_CTX *mem_ctx;
- static const char *attrs[] = { "passwordAttribute", NULL };
+ static const char * const attrs[] = { "passwordAttribute", NULL };
+ static const char * const secret_attrs[] = {
+ DSDB_SECRET_ATTRIBUTES
+ };
 struct ldb_result *res;
 struct ldb_message *msg;
 struct ldb_message_element *password_attributes;
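Review bot: `secret_attrs` carries no comment explaining why a compiled-in list sits beside the `@KLUDGEACL` lookup or how the array is terminated. The loop added in the second hunk walks it with `ARRAY_SIZE(secret_attrs)` and passes each element to `strcasecmp()`, so a `NULL` sentinel later appended to `DSDB_SECRET_ATTRIBUTES` (the way `attrs` is terminated) would not be a valid entry there. I would add above the declaration: `/* Built-in secret attributes, merged into password_attrs in case @KLUDGEACL is stale; sized with ARRAY_SIZE, must not be NULL-terminated. */`. The macro's definition and the rest of acl_module_init are outside the hunk.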
@@ -133,16 +136,44 @@ static int acl_module_init(struct ldb_module *module)
 if (!password_attributes) {
 goto done;
 }
- data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1);
+ data->password_attrs = talloc_array(data, const char *,
+ password_attributes->num_values +
+ ARRAY_SIZE(secret_attrs) + 1);
 if (!data->password_attrs) {
 talloc_free(mem_ctx);
 return ldb_oom(ldb);
 }
+
+ n = 0;
 for (i=0; i < password_attributes->num_values; i++) {
- data->password_attrs[i] = (const char *)password_attributes->values[i].data;
+ data->password_attrs[n] = (const char *)password_attributes->values[i].data;
 talloc_steal(data->password_attrs, password_attributes->values[i].data);
+ n++;
+ }
+
+ for (i=0; i < ARRAY_SIZE(secret_attrs); i++) {
+ bool found = false;
+
+ for (j=0; j < n; j++) {
+ if (strcasecmp(data->password_attrs[j], secret_attrs[i]) == 0) {
+ found = true;
+ break;
+ }
+ }
+
+ if (found) {
+ continue;
+ }
+
+ data->password_attrs[n] = talloc_strdup(data->password_attrs,
+ secret_attrs[i]);
+ if (data->password_attrs[n] == NULL) {
+ talloc_free(mem_ctx);
+ return ldb_oom(ldb);
+ }
+ n++;
 }
- data->password_attrs[i] = NULL;
+ data->password_attrs[n] = NULL;

 done:
 talloc_free(mem_ctx);
--
2.11.4.GIT
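Review bot: The early `goto done` on `!password_attributes` at the top of this hunk still skips the whole merge, so when the `@KLUDGEACL` record has no `passwordAttribute` element `data->password_attrs` is left unset and none of the `DSDB_SECRET_ATTRIBUTES` names are installed. That is the extreme case of the stale record this change guards against, and code consulting `password_attrs` would then see no protected attributes, unless something outside the hunk fills the list. I would treat a missing element as zero values instead of bailing out, e.g. `num = password_attributes ? password_attributes->num_values : 0;` used for the allocation size and the first loop bound, so the built-in list is always added. Any earlier exits to `done` before this hunk would need the same treatment; the function starts and ends outside the hunk.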