s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620)

Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104
author: Stefan Metzmacher <metze@samba.org> 2012-11-09 17:23:53 +0100
committer: Andrew Bartlett <abartlet@samba.org> 2012-11-12 01:25:19 +0100
commit: e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4 (patch)
tree: c92d3ca43f6e68bb67536511d5bff57a49ac3eda
parent: 21dfaefda0e22f7ddaac62bfd8b32e6fb9fc253d (diff)
download: samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.tar.gz
samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.tar.bz2
samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 8542163f98..e2a2d4cb9a 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -154,6 +154,10 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 				access_mask = SEC_ADS_READ_PROP;
 			}
 
+			if (attr->searchFlags & SEARCH_FLAG_CONFIDENTIAL) {
+				access_mask |= SEC_ADS_CONTROL_ACCESS;
+			}
+
 			ret = acl_check_access_on_attribute(ac->module,
 							    tmp_ctx,
 							    sd,
author	Stefan Metzmacher <metze@samba.org>	2012-11-09 17:23:53 +0100
committer	Andrew Bartlett <abartlet@samba.org>	2012-11-12 01:25:19 +0100
commit	e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4 (patch)
tree	c92d3ca43f6e68bb67536511d5bff57a49ac3eda
parent	21dfaefda0e22f7ddaac62bfd8b32e6fb9fc253d (diff)
download	samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.tar.gz samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.tar.bz2 samba-e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4.zip