diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-12-06 15:56:26 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-12-11 09:05:08 +0100 |
commit | c6cb652d1d7d9b7178e192608a92f3b1be41dd5f (patch) | |
tree | fcbbe15db326cae798ac47116afcfcdc2634761a | |
parent | ac3dd3ca042d59dd925d1d8bec62dc86cd1fab1e (diff) | |
download | samba-c6cb652d1d7d9b7178e192608a92f3b1be41dd5f.tar.gz |
s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor
only if the client asked for all attributes.
If there's a list of only explicit attribute names, we should ignore
the sd_flags control.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 6bc2caed8b3f153f92af013275f39c803f886a22)
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/operational.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index 4ce8b8fddaf..c642ad8c928 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -721,10 +721,20 @@ static int operational_search_post_process(struct ldb_module *module, continue; } case OPERATIONAL_SD_FLAGS: - if (controls_flags->sd || - ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) { + if (ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) { continue; } + if (controls_flags->sd) { + if (attrs_from_user == NULL) { + continue; + } + if (attrs_from_user[0] == NULL) { + continue; + } + if (ldb_attr_in_list(attrs_from_user, "*")) { + continue; + } + } ldb_msg_remove_attr(msg, operational_remove[i].attr); break; } |