summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-12-06 12:36:09 +0100
committerMichael Adam <obnox@samba.org>2012-12-10 13:53:47 +0100
commit22bb2fd868b8df2244b801aeaa515a8a4036bce8 (patch)
tree3fc448d2159a19b08ec09af7e0a70805d889e2c3
parent4f8558ffaf4c9fb9e350ec528ec1ce60de5f2e24 (diff)
downloadsamba-22bb2fd868b8df2244b801aeaa515a8a4036bce8.tar.gz
samba-22bb2fd868b8df2244b801aeaa515a8a4036bce8.tar.bz2
samba-22bb2fd868b8df2244b801aeaa515a8a4036bce8.zip
s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
Not returning the nTSecurityDescriptor causes a lot of problems. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_read.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 787e3ef5b9..9955451e77 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -296,6 +296,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_result *res;
struct aclread_private *p;
bool need_sd = false;
+ bool explicit_sd_flags = false;
bool is_untrusted = ldb_req_is_untrusted(req);
static const char * const _all_attrs[] = { "*", NULL };
bool all_attrs = false;
@@ -383,9 +384,15 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
* expensive so we'd better had the ntsecuritydescriptor to the list of
* searched attribute and then remove it !
*/
- ac->sd_flags = dsdb_request_sd_flags(ac->req, NULL);
+ ac->sd_flags = dsdb_request_sd_flags(ac->req, &explicit_sd_flags);
- need_sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor"));
+ if (ldb_attr_in_list(attrs, "nTSecurityDescriptor")) {
+ need_sd = false;
+ } else if (explicit_sd_flags && all_attrs) {
+ need_sd = false;
+ } else {
+ need_sd = true;
+ }
if (!all_attrs) {
if (!ldb_attr_in_list(attrs, "instanceType")) {