bool added_nTSecurityDescriptor;
bool added_instanceType;
bool added_objectSid;
+ bool added_objectClass;
bool indirsync;
};
goto fail;
}
}
+
/* for every element in the message check RP */
for (i=0; i < msg->num_elements; i++) {
const struct dsdb_attribute *attr;
- bool is_sd, is_objectsid, is_instancetype;
+ bool is_sd, is_objectsid, is_instancetype, is_objectclass;
uint32_t access_mask;
attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
msg->elements[i].name);
msg->elements[i].name) == 0;
is_instancetype = ldb_attr_cmp("instanceType",
msg->elements[i].name) == 0;
+ is_objectclass = ldb_attr_cmp("objectClass",
+ msg->elements[i].name) == 0;
/* these attributes were added to perform access checks and must be removed */
if (is_objectsid && ac->added_objectSid) {
aclread_mark_inaccesslible(&msg->elements[i]);
aclread_mark_inaccesslible(&msg->elements[i]);
continue;
}
+ if (is_objectclass && ac->added_objectClass) {
+ aclread_mark_inaccesslible(&msg->elements[i]);
+ continue;
+ }
if (is_sd && ac->added_nTSecurityDescriptor) {
aclread_mark_inaccesslible(&msg->elements[i]);
continue;
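Review bot: The new `is_objectclass && ac->added_objectClass` branch removes objectClass from every returned entry based on a single per-request flag, so it is only correct if the flag is set exactly when the client did not ask for the attribute. The flag is set in the later hunk that appends "objectClass" to the search list, and that hunk tests only `ldb_attr_in_list(req->op.search.attrs, "objectClass")`. If that code can be reached with a NULL or `*` attribute list, a client that asked for all attributes would get replies with objectClass silently dropped; the enclosing condition is outside the visible lines, so this needs confirming. I would state the invariant where the flag is set, e.g. `/* objectClass is fetched only for the access check; attrs is an explicit, non-wildcard list here, so the client did not request it */`, and add a short comment on `added_objectClass` in the struct. The loop body starts before this hunk and continues after it.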
}
ac->added_objectSid = true;
}
+ if (!ldb_attr_in_list(req->op.search.attrs, "objectClass")) {
+ attrs = ldb_attr_list_copy_add(ac, attrs, "objectClass");
+ if (attrs == NULL) {
+ return ldb_oom(ldb);
+ }
+ ac->added_objectClass = true;
+ }
}
if (need_sd) {