old_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor");
}
+ if ((sd_recalculate_control != NULL) &&
+ (sd_recalculate_control->data != NULL))
+ {
+ if (user_sd != NULL) {
+ return ldb_error(ldb, ret,
+ "descriptor_modify: RECALCULATE_SD with given value rejected");
+ }
+
+ sd_flags = 0x0000000F;
+ old_sd = NULL;
+ user_sd = ldb_msg_find_ldb_val(current_res->msgs[0], "nTSecurityDescriptor");
+ }
+
sd = get_new_descriptor(module, dn, state,
objectclass, parent_sd,
user_sd, old_sd, sd_flags);
msg = ldb_msg_copy_shallow(state, req->op.mod.message);
if (sd != NULL) {
struct ldb_message_element *sd_element;
- if (user_sd != NULL) {
- sd_element = ldb_msg_find_element(msg,
- "nTSecurityDescriptor");
- sd_element->values[0] = *sd;
- } else if (sd_recalculate_control != NULL) {
+
+ if (sd_recalculate_control != NULL) {
/* In this branch we really do force the recalculation
* of the SD */
ldb_msg_remove_attr(msg, "nTSecurityDescriptor");
sd_element = ldb_msg_find_element(msg,
"nTSecurityDescriptor");
sd_element->flags = LDB_FLAG_MOD_REPLACE;
+ } else if (user_sd != NULL) {
+ sd_element = ldb_msg_find_element(msg,
+ "nTSecurityDescriptor");
+ sd_element->values[0] = *sd;
}
}
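Review bot: The rejection path in the added RECALCULATE_SD block returns `ldb_error(ldb, ret, ...)`, but `ret` is not assigned anywhere in the visible lines. If it still holds `LDB_SUCCESS` from an earlier call, a modify that carries both the control and an nTSecurityDescriptor value would be reported as successful instead of refused. An explicit code is safer there, e.g. `return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM,`. The literal in `sd_flags = 0x0000000F;` would also read better as `SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_SACL`, with a comment such as `/* recompute all four SD parts from the stored descriptor; old_sd is deliberately dropped */`. The enclosing function (descriptor_modify, going by the error string) starts and ends outside the visible lines.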
ret = ldb_request_add_control(sub_req,
LDB_CONTROL_RECALCULATE_SD_OID,
- true, NULL);
+ true, req);
if (ret != LDB_SUCCESS) {
talloc_free(ares);
return ldb_module_done(req, NULL, NULL,
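Review bot: Both `ldb_request_add_control(..., LDB_CONTROL_RECALCULATE_SD_OID, true, req)` calls, here on `sub_req` and below on `mod_req`, use a non-NULL `data` pointer purely as a marker. The receiving check in the modify path only tests `sd_recalculate_control->data != NULL`. Because that marker makes the module take the stored descriptor as the new value with all four `sd_flags` bits set, any other path that can attach this control with non-NULL data would get the same treatment; whether such a path exists is not visible here. Consider passing a value the receiver can verify, for instance the module pointer if it is available at these call sites, and comparing with `sd_recalculate_control->data == module` instead of testing for non-NULL. Both enclosing functions continue outside the hunks.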
ret = ldb_request_add_control(mod_req,
LDB_CONTROL_RECALCULATE_SD_OID,
- true, NULL);
+ true, req);
if (ret != LDB_SUCCESS) {
talloc_free(ares);
return ldb_module_done(req, NULL, NULL,