From 2916313f8016720fb36180db341efbf7b91522f6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 21 Nov 2012 12:33:35 +0100
Subject: [PATCH] s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source4/dsdb/samdb/ldb_modules/acl_util.c | 37 +++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index c25979de8d2..aa7e1aa1d67 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -202,3 +202,40 @@ const char *acl_user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
 			       session_info->info->domain_name,
 			       session_info->info->account_name);
 }
+
+uint32_t dsdb_request_sd_flags(struct ldb_request *req, bool *explicit)
+{
+	struct ldb_control *sd_control;
+	uint32_t sd_flags = 0;
+
+	if (explicit) {
+		*explicit = false;
+	}
+
+	sd_control = ldb_request_get_control(req, LDB_CONTROL_SD_FLAGS_OID);
+	if (sd_control) {
+		struct ldb_sd_flags_control *sdctr = (struct ldb_sd_flags_control *)sd_control->data;
+
+		sd_flags = sdctr->secinfo_flags;
+
+		if (explicit) {
+			*explicit = true;
+		}
+
+		/* mark it as handled */
+		sd_control->critical = 0;
+	}
+
+	/* we only care for the last 4 bits */
+	sd_flags &= 0x0000000F;
+
+	/*
+	 * MS-ADTS 3.1.1.3.4.1.11 says that no bits
+	 * equals all 4 bits
+	 */
+	if (sd_flags == 0) {
+		sd_flags = 0xF;
+	}
+
+	return sd_flags;
+}
-- 
2.11.4.GIT