diff options
author | Matthieu Patou <mat@matws.net> | 2011-04-14 23:03:50 +0400 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2011-04-15 16:16:27 +0200 |
commit | 85e8c863025db3dd6b895b42c7bf53c5b339b48a (patch) | |
tree | dee399d77f077b1bf87e3651d994ef64714da00f | |
parent | cf4a3081cbba88b00a3e224ce0ba61eb3d067985 (diff) | |
download | samba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.tar.gz samba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.tar.bz2 samba-85e8c863025db3dd6b895b42c7bf53c5b339b48a.zip |
s4-dsdb: Add more information on why we don't check the SD control
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 359b39f09b..181619ab28 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -287,6 +287,11 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) if (!ac->schema) { return ldb_operr(ldb); } + /* + * In theory we should also check for the SD control but control verification is + * expensive so we'd better had the ntsecuritydescriptor to the list of + * searched attribute and then remove it ! + */ ac->sd = !(ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor")); if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { if (!ldb_attr_in_list(req->op.search.attrs, "instanceType")) { |