diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 9056a41cae..19271326aa 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -982,7 +982,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) struct security_descriptor *sd; struct dom_sid *sid = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); - bool userPassword = dsdb_user_password_support(module, req, req); + bool userPassword; TALLOC_CTX *tmp_ctx = talloc_new(req); static const char *acl_attrs[] = { "nTSecurityDescriptor", @@ -1017,6 +1017,8 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) goto fail; } + userPassword = dsdb_user_password_support(module, req, req); + schema = dsdb_get_schema(ldb, tmp_ctx); if (!schema) { talloc_free(tmp_ctx); @@ -1661,7 +1663,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses"); ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective"); ac->sDRightsEffective = ldb_attr_in_list(req->op.search.attrs, "sDRightsEffective"); - ac->userPassword = dsdb_user_password_support(module, ac, req); + ac->userPassword = true; ac->schema = dsdb_get_schema(ldb, ac); ac->constructed_attrs |= ac->allowedAttributes; @@ -1681,6 +1683,10 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + if (!ac->am_system) { + ac->userPassword = dsdb_user_password_support(module, ac, req); + } + ret = acl_search_update_confidential_attrs(ac, data); if (ret != LDB_SUCCESS) { return ret; |