diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-21 15:24:46 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:20 +0100 |
commit | 67045fafe8a826792a51a504aa85ee6d8e137059 (patch) | |
tree | e3c6d99e5526c874ef46f2f2897869f7fec6f95f | |
parent | 690b5e11618eb0385272d6a003761db22369e620 (diff) | |
download | samba-67045fafe8a826792a51a504aa85ee6d8e137059.tar.gz samba-67045fafe8a826792a51a504aa85ee6d8e137059.tar.bz2 samba-67045fafe8a826792a51a504aa85ee6d8e137059.zip |
s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
If the nTSecurityDescriptor is explicitly specified
without the SD Flags control we should go through descriptor_search_callback().
This is not strictly needed at the moment, but makes the code clearer
and might avoid surprises in the future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index db8bba7395..a876346b60 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -739,9 +739,20 @@ static int descriptor_search(struct ldb_module *module, struct ldb_request *req) struct ldb_control *sd_control; struct ldb_request *down_req; struct descriptor_context *ac; + bool show_sd = false; sd_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID); - if (!sd_control) { + if (sd_control != NULL) { + show_sd = true; + } + + if (!show_sd && + ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor")) + { + show_sd = true; + } + + if (!show_sd) { return ldb_next_request(module, req); } |