From 5bc2b8f0a494511800696d6d411a426463089e8b Mon Sep 17 00:00:00 2001 From: Nadezhda Ivanova Date: Wed, 27 Oct 2010 15:20:49 +0300 Subject: s4-ldb: Added the correct extended check for read access to nTSecurityDescriptor It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL Autobuild-User: Nadezhda Ivanova Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104 --- source4/dsdb/samdb/ldb_modules/acl_read.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 78a9e28396..bd9e1289f3 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -146,7 +146,7 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares) tmp_ctx, sd, sid, - SEC_FLAG_SYSTEM_SECURITY, + SEC_FLAG_SYSTEM_SECURITY|SEC_STD_READ_CONTROL, attr); } else { ret = acl_check_access_on_attribute(ac->module, -- cgit