diff options
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index e4adcde8f3..787e3ef5b9 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -45,9 +45,9 @@ struct aclread_context { const char * const *attrs; const struct dsdb_schema *schema; uint32_t sd_flags; - bool sd; - bool instance_type; - bool object_sid; + bool added_nTSecurityDescriptor; + bool added_instanceType; + bool added_objectSid; bool indirsync; }; @@ -145,15 +145,15 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares) is_instancetype = ldb_attr_cmp("instanceType", msg->elements[i].name) == 0; /* these attributes were added to perform access checks and must be removed */ - if (is_objectsid && ac->object_sid) { + if (is_objectsid && ac->added_objectSid) { aclread_mark_inaccesslible(&msg->elements[i]); continue; } - if (is_instancetype && ac->instance_type) { + if (is_instancetype && ac->added_instanceType) { aclread_mark_inaccesslible(&msg->elements[i]); continue; } - if (is_sd && ac->sd) { + if (is_sd && ac->added_nTSecurityDescriptor) { aclread_mark_inaccesslible(&msg->elements[i]); continue; } @@ -295,6 +295,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) uint32_t flags = ldb_req_get_custom_flags(req); struct ldb_result *res; struct aclread_private *p; + bool need_sd = false; bool is_untrusted = ldb_req_is_untrusted(req); static const char * const _all_attrs[] = { "*", NULL }; bool all_attrs = false; @@ -384,31 +385,33 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) */ ac->sd_flags = dsdb_request_sd_flags(ac->req, NULL); - ac->sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor")); + need_sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor")); if (!all_attrs) { if (!ldb_attr_in_list(attrs, "instanceType")) { - ac->instance_type = true; attrs = ldb_attr_list_copy_add(ac, attrs, "instanceType"); if (attrs == NULL) { return ldb_oom(ldb); } + ac->added_instanceType = true; } if (!ldb_attr_in_list(req->op.search.attrs, "objectSid")) { - ac->object_sid = true; attrs = ldb_attr_list_copy_add(ac, attrs, "objectSid"); if (attrs == NULL) { return ldb_oom(ldb); } + ac->added_objectSid = true; } } - if (ac->sd) { + if (need_sd) { attrs = ldb_attr_list_copy_add(ac, attrs, "nTSecurityDescriptor"); if (attrs == NULL) { return ldb_oom(ldb); } + ac->added_nTSecurityDescriptor = true; } + ac->attrs = req->op.search.attrs; ret = ldb_build_search_req_ex(&down_req, ldb, ac, |