From 947985b259ac05e95d65be19c67f384579a797ce Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Jan 2013 08:37:12 +0100 Subject: [PATCH] dsdb-acl: don't call dsdb_user_password_support() if we don't use the result Signed-off-by: Stefan Metzmacher Reviewed-by: Matthieu Patou --- source4/dsdb/samdb/ldb_modules/acl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 9056a41caea..19271326aa9 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -982,7 +982,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) struct security_descriptor *sd; struct dom_sid *sid = NULL; struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); - bool userPassword = dsdb_user_password_support(module, req, req); + bool userPassword; TALLOC_CTX *tmp_ctx = talloc_new(req); static const char *acl_attrs[] = { "nTSecurityDescriptor", @@ -1017,6 +1017,8 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req) goto fail; } + userPassword = dsdb_user_password_support(module, req, req); + schema = dsdb_get_schema(ldb, tmp_ctx); if (!schema) { talloc_free(tmp_ctx); @@ -1661,7 +1663,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses"); ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective"); ac->sDRightsEffective = ldb_attr_in_list(req->op.search.attrs, "sDRightsEffective"); - ac->userPassword = dsdb_user_password_support(module, ac, req); + ac->userPassword = true; ac->schema = dsdb_get_schema(ldb, ac); ac->constructed_attrs |= ac->allowedAttributes; @@ -1681,6 +1683,10 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + if (!ac->am_system) { + ac->userPassword = dsdb_user_password_support(module, ac, req); + } + ret = acl_search_update_confidential_attrs(ac, data); if (ret != LDB_SUCCESS) { return ret;