summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2011-04-14 23:03:50 +0400
committerNadezhda Ivanova <nivanova@samba.org>2011-04-15 16:16:27 +0200
commit85e8c863025db3dd6b895b42c7bf53c5b339b48a (patch)
treedee399d77f077b1bf87e3651d994ef64714da00f
parentcf4a3081cbba88b00a3e224ce0ba61eb3d067985 (diff)
downloadsamba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.tar.gz
samba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.tar.bz2
samba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.zip
s4-dsdb: Add more information on why we don't check the SD control
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_read.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 359b39f09b..181619ab28 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -287,6 +287,11 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
if (!ac->schema) {
return ldb_operr(ldb);
}
+ /*
+ * In theory we should also check for the SD control but control verification is
+ * expensive so we'd better had the ntsecuritydescriptor to the list of
+ * searched attribute and then remove it !
+ */
ac->sd = !(ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor"));
if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) {
if (!ldb_attr_in_list(req->op.search.attrs, "instanceType")) {