summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-11-21 15:24:46 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:20 +0100
commit67045fafe8a826792a51a504aa85ee6d8e137059 (patch)
treee3c6d99e5526c874ef46f2f2897869f7fec6f95f
parent690b5e11618eb0385272d6a003761db22369e620 (diff)
downloadsamba-67045fafe8a826792a51a504aa85ee6d8e137059.tar.gz
samba-67045fafe8a826792a51a504aa85ee6d8e137059.tar.bz2
samba-67045fafe8a826792a51a504aa85ee6d8e137059.zip
s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
If the nTSecurityDescriptor is explicitly specified without the SD Flags control we should go through descriptor_search_callback(). This is not strictly needed at the moment, but makes the code clearer and might avoid surprises in the future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index db8bba7395..a876346b60 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -739,9 +739,20 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_control *sd_control;
struct ldb_request *down_req;
struct descriptor_context *ac;
+ bool show_sd = false;
sd_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID);
- if (!sd_control) {
+ if (sd_control != NULL) {
+ show_sd = true;
+ }
+
+ if (!show_sd &&
+ ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor"))
+ {
+ show_sd = true;
+ }
+
+ if (!show_sd) {
return ldb_next_request(module, req);
}