authorStefan Metzmacher <metze@samba.org>2012-12-06 15:56:26 +0100
committerMichael Adam <obnox@samba.org>2012-12-10 13:53:48 +0100
commit6bc2caed8b3f153f92af013275f39c803f886a22 (patch)
tree2e9edccf65956467c9f76a03fccbbf9bb3e4c05f /source4/dsdb/samdb
parent22bb2fd868b8df2244b801aeaa515a8a4036bce8 (diff)
s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes. If there's a list of only explicit attribute names, we should ignore the sd_flags control. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 4ce8b8fdda..c642ad8c92 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -721,10 +721,20 @@ static int operational_search_post_process(struct ldb_module *module,
continue;
}
case OPERATIONAL_SD_FLAGS:
- if (controls_flags->sd ||
- ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
+ if (ldb_attr_in_list(attrs_from_user, operational_remove[i].attr)) {
continue;
}
+ if (controls_flags->sd) {
+ if (attrs_from_user == NULL) {
+ continue;
+ }
+ if (attrs_from_user[0] == NULL) {
+ continue;
+ }
+ if (ldb_attr_in_list(attrs_from_user, "*")) {
+ continue;
+ }
+ }
ldb_msg_remove_attr(msg, operational_remove[i].attr);
break;
}
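Review bot: The three nested checks under `if (controls_flags->sd)` all encode "the client asked for every attribute", but nothing in the hunk says so, and this branch decides whether nTSecurityDescriptor stays in the reply. A comment above the block would make that contract explicit, for example `/* sd_flags keeps the SD only when all attributes were requested: NULL list, empty list, or "*" */`. The first `ldb_attr_in_list(attrs_from_user, ...)` call now runs before the `attrs_from_user == NULL` test, so it relies on that helper tolerating a NULL list; the removed lines made the same call whenever the control was absent, so this is presumably safe, but it is worth confirming. The body of operational_search_post_process starts and ends outside the hunk.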