summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 9a4f3d3e04..b41c0aafba 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -619,7 +619,7 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
const struct ldb_val *user_sd;
struct ldb_dn *dn = req->op.mod.message->dn;
struct ldb_dn *parent_dn;
- struct ldb_message_element *objectclass_element;
+ struct ldb_message_element *objectclass_element, *sd_element;
int ret;
uint32_t instanceType;
uint32_t sd_flags = dsdb_request_sd_flags(req, NULL);
@@ -636,8 +636,15 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+
+ sd_element = ldb_msg_find_element(req->op.mod.message, "nTSecurityDescriptor");
+ if (sd_element == NULL) {
+ return ldb_next_request(module, req);
+ }
+
user_sd = ldb_msg_find_ldb_val(req->op.mod.message, "nTSecurityDescriptor");
- if (!user_sd) {
+ /* nTSecurityDescriptor without a value is an error, letting through so it is handled */
+ if (user_sd == NULL) {
return ldb_next_request(module, req);
}
@@ -707,14 +714,7 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
if (msg == NULL) {
return ldb_oom(ldb);
}
- if (sd != NULL) {
- struct ldb_message_element *sd_element;
- if (user_sd != NULL) {
- sd_element = ldb_msg_find_element(msg,
- "nTSecurityDescriptor");
- sd_element->values[0] = *sd;
- }
- }
+ sd_element->values[0] = *sd;
ret = ldb_build_mod_req(&mod_req, ldb, req,
msg,