summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 24b6507803..539363cb10 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -481,6 +481,14 @@ static int acl_sDRightsEffective(struct ldb_module *module,
flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL;
}
else {
+ const struct dsdb_attribute *attr;
+
+ attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
+ "nTSecurityDescriptor");
+ if (attr == NULL) {
+ return ldb_operr(ldb);
+ }
+
/* Get the security descriptor from the message */
ret = dsdb_get_sd_from_ldb_message(ldb, msg, sd_msg, &sd);
if (ret != LDB_SUCCESS) {
@@ -492,7 +500,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_STD_WRITE_OWNER,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_OWNER | SECINFO_GROUP;
}
@@ -501,7 +509,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_STD_WRITE_DAC,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_DACL;
}
@@ -510,7 +518,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
sd,
sid,
SEC_FLAG_SYSTEM_SECURITY,
- NULL);
+ attr);
if (ret == LDB_SUCCESS) {
flags |= SECINFO_SACL;
}