dsdb-acl: don't call dsdb_user_password_support() if we don't use the result

author Stefan Metzmacher <metze@samba.org>

Thu, 17 Jan 2013 07:37:12 +0000 (08:37 +0100)

committer Matthieu Patou <mat@matws.net>

Thu, 17 Jan 2013 08:16:24 +0000 (00:16 -0800)
author Stefan Metzmacher <metze@samba.org>
Thu, 17 Jan 2013 07:37:12 +0000 (08:37 +0100)
committer Matthieu Patou <mat@matws.net>
Thu, 17 Jan 2013 08:16:24 +0000 (00:16 -0800)
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c

index 9056a41caea708e9a38aa841b0d6ba581510a1d9..19271326aa9d3020d4e942e0fbcc7ff721a86463 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -982,7 +982,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
         struct security_descriptor *sd;
         struct dom_sid *sid = NULL;
         struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
-       bool userPassword = dsdb_user_password_support(module, req, req);
+       bool userPassword;
         TALLOC_CTX *tmp_ctx = talloc_new(req);
         static const char *acl_attrs[] = {
                 "nTSecurityDescriptor",
@@ -1017,6 +1017,8 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
                 goto fail;
         }
  
+       userPassword = dsdb_user_password_support(module, req, req);
+
         schema = dsdb_get_schema(ldb, tmp_ctx);
         if (!schema) {
                 talloc_free(tmp_ctx);
@@ -1661,7 +1663,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
         ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses");
         ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective");
         ac->sDRightsEffective = ldb_attr_in_list(req->op.search.attrs, "sDRightsEffective");
-       ac->userPassword = dsdb_user_password_support(module, ac, req);
+       ac->userPassword = true;
         ac->schema = dsdb_get_schema(ldb, ac);
  
         ac->constructed_attrs |= ac->allowedAttributes;
@@ -1681,6 +1683,10 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
                 return ldb_next_request(module, req);
         }
  
+       if (!ac->am_system) {
+               ac->userPassword = dsdb_user_password_support(module, ac, req);
+       }
+
         ret = acl_search_update_confidential_attrs(ac, data);
         if (ret != LDB_SUCCESS) {
                 return ret;
author	Stefan Metzmacher <metze@samba.org>
	Thu, 17 Jan 2013 07:37:12 +0000 (08:37 +0100)
committer	Matthieu Patou <mat@matws.net>
	Thu, 17 Jan 2013 08:16:24 +0000 (00:16 -0800)