From 5bc2b8f0a494511800696d6d411a426463089e8b Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nivanova@samba.org>
Date: Wed, 27 Oct 2010 15:20:49 +0300
Subject: s4-ldb: Added the correct extended check for read access to
 nTSecurityDescriptor

It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL

Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
---
 source4/dsdb/samdb/ldb_modules/acl_read.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/dsdb/samdb/ldb_modules/acl_read.c')

diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 78a9e28396..bd9e1289f3 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -146,7 +146,7 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 								     tmp_ctx,
 								     sd,
 								     sid,
-								     SEC_FLAG_SYSTEM_SECURITY,
+								     SEC_FLAG_SYSTEM_SECURITY|SEC_STD_READ_CONTROL,
 								     attr);
 			 } else {
 				 ret = acl_check_access_on_attribute(ac->module,
-- 
cgit