[SCM] Samba Shared Repository - branch master updated

Fri, 15 Apr 2011 07:21:00 -0700 

The branch, master has been updated
       via  85e8c86 s4-dsdb: Add more information on why we don't check the SD 
control
       via  cf4a308 s4-dsdb: If current attribute list is empty use the one 
from the request
      from  0e18a59 s3-build: fix the --with-profiling-data build on mac os x.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 85e8c863025db3dd6b895b42c7bf53c5b339b48a
Author: Matthieu Patou <[email protected]>
Date:   Thu Apr 14 23:03:50 2011 +0400

    s4-dsdb: Add more information on why we don't check the SD control
    
    Signed-off-by: Nadezhda Ivanova <[email protected]>
    
    Autobuild-User: Nadezhda Ivanova <[email protected]>
    Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104

commit cf4a3081cbba88b00a3e224ce0ba61eb3d067985
Author: Matthieu Patou <[email protected]>
Date:   Thu Apr 14 22:02:48 2011 +0400

    s4-dsdb: If current attribute list is empty use the one from the request
    
    This will avoid overwritting attribute list made by upper modules.
    
    Signed-off-by: Nadezhda Ivanova <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/acl_read.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c 
b/source4/dsdb/samdb/ldb_modules/acl_read.c
index cde6d11..181619a 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -287,6 +287,11 @@ static int aclread_search(struct ldb_module *module, 
struct ldb_request *req)
        if (!ac->schema) {
                return ldb_operr(ldb);
        }
+       /*
+        * In theory we should also check for the SD control but control 
verification is
+        * expensive so we'd better had the ntsecuritydescriptor to the list of
+        * searched attribute and then remove it !
+        */
        ac->sd = !(ldb_attr_in_list(req->op.search.attrs, 
"nTSecurityDescriptor"));
        if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, 
"*")) {
                if (!ldb_attr_in_list(req->op.search.attrs, "instanceType")) {
@@ -305,7 +310,7 @@ static int aclread_search(struct ldb_module *module, struct 
ldb_request *req)
                /* avoid replacing all attributes with nTSecurityDescriptor
                 * if attribute list is empty */
                if (!attrs) {
-                       attrs = ldb_attr_list_copy_add(ac, attrs, "*");
+                       attrs = ldb_attr_list_copy_add(ac, 
req->op.search.attrs, "*");
                }
                attrs = ldb_attr_list_copy_add(ac, attrs, 
"nTSecurityDescriptor");
        }


-- 
Samba Shared Repository

Reply via email to