diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-12-06 15:56:26 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-12-10 13:53:48 +0100 |
commit | 6bc2caed8b3f153f92af013275f39c803f886a22 (patch) | |
tree | 2e9edccf65956467c9f76a03fccbbf9bb3e4c05f | |
parent | 22bb2fd868b8df2244b801aeaa515a8a4036bce8 (diff) | |
download | samba-6bc2caed8b3f153f92af013275f39c803f886a22.tar.gz samba-6bc2caed8b3f153f92af013275f39c803f886a22.tar.bz2 samba-6bc2caed8b3f153f92af013275f39c803f886a22.zip |
s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor
only if the client asked for all attributes.
If there's a list of only explicit attribute names, we should ignore
the sd_flags control.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/operational.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index 4ce8b8fdda..c642ad8c92 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -721,10 +721,20 @@ static int operational_search_post_process(struct ldb_module *module, continue; } case OPERATIONAL_SD_FLAGS: - if (controls_flags->sd || - ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) { + if (ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) { continue; } + if (controls_flags->sd) { + if (attrs_from_user == NULL) { + continue; + } + if (attrs_from_user[0] == NULL) { + continue; + } + if (ldb_attr_in_list(attrs_from_user, "*")) { + continue; + } + } ldb_msg_remove_attr(msg, operational_remove[i].attr); break; } |