From 42898590bb386a13b4f0d7b0294561a78df7e268 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 21 Nov 2012 14:13:17 +0100
Subject: s4:dsdb/descriptor: make it clear that the SD Flags are ignored on
 add

See [MS-ADTS] 6.1.3.2 SD Flags Control:
  ...
  When performing an LDAP add operation, the client can supply an SD flags control
  with the operation; however, it will be ignored by the server.
  ...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source4/dsdb/samdb/ldb_modules/descriptor.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index a764d69aaf..12186f2da2 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -535,9 +535,15 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_operr(ldb);
 	}
 
+	/*
+	 * The SD_FLAG control is ignored on add
+	 * and we default to all bits set.
+	 */
+	sd_flags = 0xF;
+
 	sd = get_new_descriptor(module, dn, req,
 				objectclass, parent_sd,
-				user_sd, NULL, 0);
+				user_sd, NULL, sd_flags);
 	msg = ldb_msg_copy_shallow(req, req->op.add.message);
 	if (sd != NULL) {
 		if (sd_element != NULL) {
-- 
cgit