s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add

See [MS-ADTS] 6.1.3.2 SD Flags Control:
  ...
  When performing an LDAP add operation, the client can supply an SD flags control
  with the operation; however, it will be ignored by the server.
  ...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index a764d69aaff711ecd31aba13f06855d17bd5886a..12186f2da20be622736eeb59b6bcab4daff70e66 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -535,9 +535,15 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
                return ldb_operr(ldb);
        }
 
+       /*
+        * The SD_FLAG control is ignored on add
+        * and we default to all bits set.
+        */
+       sd_flags = 0xF;
+
        sd = get_new_descriptor(module, dn, req,
                                objectclass, parent_sd,
-                               user_sd, NULL, 0);
+                               user_sd, NULL, sd_flags);
        msg = ldb_msg_copy_shallow(req, req->op.add.message);
        if (sd != NULL) {
                if (sd_element != NULL) {