s4:dsdb/acl: fix search filter cleanup for password attributes

author Stefan Metzmacher <metze@samba.org>

Fri, 9 Nov 2012 10:25:21 +0000 (11:25 +0100)

committer Andrew Bartlett <abartlet@samba.org>

Sun, 11 Nov 2012 22:42:21 +0000 (09:42 +1100)
author Stefan Metzmacher <metze@samba.org>
Fri, 9 Nov 2012 10:25:21 +0000 (11:25 +0100)
committer Andrew Bartlett <abartlet@samba.org>
Sun, 11 Nov 2012 22:42:21 +0000 (09:42 +1100)
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c

index 843d17e5d1410b7a2b14109bcefd224c4ca9bdb9..05926fb01b387d5582c479b46ec82b8554f509bc 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -1499,7 +1499,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
         /* replace any attributes in the parse tree that are private,
            so we don't allow a search for 'userPassword=penguin',
            just as we would not allow that attribute to be returned */
-       if (ac->am_system) {
+       if (!ac->am_system) {
                 /* FIXME: We should copy the tree and keep the original unmodified. */
                 /* remove password attributes */
                 if (data && data->password_attrs) {
author	Stefan Metzmacher <metze@samba.org>
	Fri, 9 Nov 2012 10:25:21 +0000 (11:25 +0100)
committer	Andrew Bartlett <abartlet@samba.org>
	Sun, 11 Nov 2012 22:42:21 +0000 (09:42 +1100)