-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c41
1 files changed, 36 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2cc028f592..4a288f152f 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -79,9 +79,12 @@ static int acl_module_init(struct ldb_module *module)
struct ldb_context *ldb;
struct acl_private *data;
int ret;
- unsigned int i;
+ unsigned int i, n, j;
TALLOC_CTX *mem_ctx;
- static const char *attrs[] = { "passwordAttribute", NULL };
+ static const char * const attrs[] = { "passwordAttribute", NULL };
+ static const char * const secret_attrs[] = {
+ DSDB_SECRET_ATTRIBUTES
+ };
struct ldb_result *res;
struct ldb_message *msg;
struct ldb_message_element *password_attributes;
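Review bot: The `secret_attrs` table declared here is merged into `data->password_attrs` only after the `if (!password_attributes) goto done;` check in the following hunk, so when no `passwordAttribute` element is found the built-in secret attributes are never added on that path. If other code in the module relies on `password_attrs` to decide which attributes are secret (not visible here), those attributes would be left out; consider treating a missing element as zero values, e.g. `num = password_attributes ? password_attributes->num_values : 0;`, and running the merge loop unconditionally. The table is sized with `ARRAY_SIZE()` and appears to carry no NULL terminator, unlike `attrs`, which deserves a short comment such as `/* always treated as password attributes; iterate with ARRAY_SIZE(), not to a NULL terminator */`. acl_module_init starts before this hunk and continues past the visible end of the next one.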
@@ -133,16 +136,44 @@ static int acl_module_init(struct ldb_module *module)
if (!password_attributes) {
goto done;
}
- data->password_attrs = talloc_array(data, const char *, password_attributes->num_values + 1);
+ data->password_attrs = talloc_array(data, const char *,
+ password_attributes->num_values +
+ ARRAY_SIZE(secret_attrs) + 1);
if (!data->password_attrs) {
talloc_free(mem_ctx);
return ldb_oom(ldb);
}
+
+ n = 0;
for (i=0; i < password_attributes->num_values; i++) {
- data->password_attrs[i] = (const char *)password_attributes->values[i].data;
+ data->password_attrs[n] = (const char *)password_attributes->values[i].data;
talloc_steal(data->password_attrs, password_attributes->values[i].data);
+ n++;
+ }
+
+ for (i=0; i < ARRAY_SIZE(secret_attrs); i++) {
+ bool found = false;
+
+ for (j=0; j < n; j++) {
+ if (strcasecmp(data->password_attrs[j], secret_attrs[i]) == 0) {
+ found = true;
+ break;
+ }
+ }
+
+ if (found) {
+ continue;
+ }
+
+ data->password_attrs[n] = talloc_strdup(data->password_attrs,
+ secret_attrs[i]);
+ if (data->password_attrs[n] == NULL) {
+ talloc_free(mem_ctx);
+ return ldb_oom(ldb);
+ }
+ n++;
}
- data->password_attrs[i] = NULL;
+ data->password_attrs[n] = NULL;
done:
talloc_free(mem_ctx);