const char * const *attrs;
const struct dsdb_schema *schema;
uint32_t sd_flags;
- bool sd;
- bool instance_type;
- bool object_sid;
+ bool added_nTSecurityDescriptor;
+ bool added_instanceType;
+ bool added_objectSid;
bool indirsync;
};
is_instancetype = ldb_attr_cmp("instanceType",
msg->elements[i].name) == 0;
/* these attributes were added to perform access checks and must be removed */
- if (is_objectsid && ac->object_sid) {
+ if (is_objectsid && ac->added_objectSid) {
aclread_mark_inaccesslible(&msg->elements[i]);
continue;
}
- if (is_instancetype && ac->instance_type) {
+ if (is_instancetype && ac->added_instanceType) {
aclread_mark_inaccesslible(&msg->elements[i]);
continue;
}
- if (is_sd && ac->sd) {
+ if (is_sd && ac->added_nTSecurityDescriptor) {
aclread_mark_inaccesslible(&msg->elements[i]);
continue;
}
uint32_t flags = ldb_req_get_custom_flags(req);
struct ldb_result *res;
struct aclread_private *p;
+ bool need_sd = false;
bool is_untrusted = ldb_req_is_untrusted(req);
static const char * const _all_attrs[] = { "*", NULL };
bool all_attrs = false;
*/
ac->sd_flags = dsdb_request_sd_flags(ac->req, NULL);
- ac->sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor"));
+ need_sd = !(ldb_attr_in_list(attrs, "nTSecurityDescriptor"));
if (!all_attrs) {
if (!ldb_attr_in_list(attrs, "instanceType")) {
- ac->instance_type = true;
attrs = ldb_attr_list_copy_add(ac, attrs, "instanceType");
if (attrs == NULL) {
return ldb_oom(ldb);
}
+ ac->added_instanceType = true;
}
if (!ldb_attr_in_list(req->op.search.attrs, "objectSid")) {
- ac->object_sid = true;
attrs = ldb_attr_list_copy_add(ac, attrs, "objectSid");
if (attrs == NULL) {
return ldb_oom(ldb);
}
+ ac->added_objectSid = true;
}
}
- if (ac->sd) {
+ if (need_sd) {
attrs = ldb_attr_list_copy_add(ac, attrs, "nTSecurityDescriptor");
if (attrs == NULL) {
return ldb_oom(ldb);
}
+ ac->added_nTSecurityDescriptor = true;
}
+
ac->attrs = req->op.search.attrs;
ret = ldb_build_search_req_ex(&down_req,
ldb, ac,
git.samba.org / samba.git / commitdiff