s4:dsdb:acl: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to

(el->flags & LDB_FLAG_MOD_MASK) == 0

which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.

Commit 99b805e4cbeec232c65adb1a6f3fb326b55c4496 fixed a similar issue.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 93e580cdd0265451f3643e33455a8ef1573f3733..cf33ee64d7686fdab4db5dce0220e4b46b93c18c 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -936,8 +936,8 @@ static int acl_check_dns_host_name(TALLOC_CTX *mem_ctx,
                 * If not add or replace (eg delete),
                 * return success
                 */
-               if ((el->flags
-                    & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)) == 0)
+               if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD &&
+                   LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE)
                {
                        talloc_free(tmp_ctx);
                        return LDB_SUCCESS;