[SCM] Samba Shared Repository - branch master updated

Nadezhda Ivanova nivanova at samba.org
Fri Apr 15 08:17:02 MDT 2011


The branch, master has been updated
       via  85e8c86 s4-dsdb: Add more information on why we don't check the SD control
       via  cf4a308 s4-dsdb: If current attribute list is empty use the one from the request
      from  0e18a59 s3-build: fix the --with-profiling-data build on mac os x.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 85e8c863025db3dd6b895b42c7bf53c5b339b48a
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Apr 14 23:03:50 2011 +0400

    s4-dsdb: Add more information on why we don't check the SD control
    
    Signed-off-by: Nadezhda Ivanova <nivanova at samba.org>
    
    Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
    Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104

commit cf4a3081cbba88b00a3e224ce0ba61eb3d067985
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Apr 14 22:02:48 2011 +0400

    s4-dsdb: If current attribute list is empty use the one from the request
    
    This will avoid overwritting attribute list made by upper modules.
    
    Signed-off-by: Nadezhda Ivanova <nivanova at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/acl_read.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index cde6d11..181619a 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -287,6 +287,11 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 	if (!ac->schema) {
 		return ldb_operr(ldb);
 	}
+	/*
+	 * In theory we should also check for the SD control but control verification is
+	 * expensive so we'd better had the ntsecuritydescriptor to the list of
+	 * searched attribute and then remove it !
+	 */
 	ac->sd = !(ldb_attr_in_list(req->op.search.attrs, "nTSecurityDescriptor"));
 	if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) {
 		if (!ldb_attr_in_list(req->op.search.attrs, "instanceType")) {
@@ -305,7 +310,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 		/* avoid replacing all attributes with nTSecurityDescriptor
 		 * if attribute list is empty */
 		if (!attrs) {
-			attrs = ldb_attr_list_copy_add(ac, attrs, "*");
+			attrs = ldb_attr_list_copy_add(ac, req->op.search.attrs, "*");
 		}
 		attrs = ldb_attr_list_copy_add(ac, attrs, "nTSecurityDescriptor");
 	}


-- 
Samba Shared Repository


More information about the samba-cvs mailing list