diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-12-06 12:36:09 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-12-11 09:05:08 +0100 |
commit | ac3dd3ca042d59dd925d1d8bec62dc86cd1fab1e (patch) | |
tree | 2d857f29f4d8e668dce1625779f580ace541b454 | |
parent | b73f780f5cf4dd64b8da8d4cb45554ce0202a14f (diff) | |
download | samba-ac3dd3ca042d59dd925d1d8bec62dc86cd1fab1e.tar.gz |
s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
Not returning the nTSecurityDescriptor causes a lot of problems.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 22bb2fd868b8df2244b801aeaa515a8a4036bce8)
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 787e3ef5b95..9955451e778 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -296,6 +296,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) struct ldb_result *res; struct aclread_private *p; bool need_sd = false; + bool explicit_sd_flags = false; bool is_untrusted = ldb_req_is_untrusted(req); static const char * const _all_attrs[] = { "*", NULL }; bool all_attrs = false; @@ -383,9 +384,15 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) * expensive so we'd better had the ntsecuritydescriptor to the list of * searched attribute and then remove it ! */ - ac->sd_flags = dsdb_request_sd_flags(ac->req, NULL); + ac->sd_flags = dsdb_request_sd_flags(ac->req, &explicit_sd_flags); - need_sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor")); + if (ldb_attr_in_list(attrs, "nTSecurityDescriptor")) { + need_sd = false; + } else if (explicit_sd_flags && all_attrs) { + need_sd = false; + } else { + need_sd = true; + } if (!all_attrs) { if (!ldb_attr_in_list(attrs, "instanceType")) { |