authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-09-19 21:45:07 -0700
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-09-20 14:07:16 -0700
commitae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f (patch)
treee01aa0906aea70d5dde912fdbd39e1857d093a34
parent3c5d7639624f6a82e75328e30dfd89e8ae728c55 (diff)
Disable descriptor module unless enabled in smb.conf
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance, add `acl:inheritance = true` to your smb.conf.
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index e74a93c279..7b5b700916 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -42,6 +42,10 @@
#include "auth/auth.h"
#include "param/param.h"
+struct descriptor_data {
+ bool inherit;
+};
+
struct descriptor_context {
struct ldb_module *module;
struct ldb_request *req;
@@ -395,10 +399,15 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req)
struct descriptor_context *ac;
struct ldb_dn *parent_dn;
int ret;
+ struct descriptor_data *data;
static const char * const descr_attrs[] = { "nTSecurityDescriptor", NULL };
+ data = talloc_get_type(ldb_module_get_private(module), struct descriptor_data);
ldb = ldb_module_get_ctx(module);
+ if (!data->inherit)
+ return ldb_next_request(module, req);
+
ldb_debug(ldb, LDB_DEBUG_TRACE, "descriptor_add\n");
if (ldb_dn_is_special(req->op.add.message->dn)) {
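Review bot: `data` is dereferenced at `if (!data->inherit)` without a NULL check, although `talloc_get_type()` returns NULL when the module's private pointer is unset or is not a `struct descriptor_data`. Because this gate decides whether security-descriptor processing runs for an add, it should fail with an error rather than crash: `if (data == NULL) return LDB_ERR_OPERATIONS_ERROR;` before the test. The early return also sits above the `ldb_debug` trace, so a disabled module leaves no trace that an add bypassed descriptor handling; moving the trace up or logging the bypass would help when auditing. descriptor_add's body continues outside the hunk.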
@@ -452,11 +461,31 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+static int descriptor_init(struct ldb_module *module)
+{
+ struct ldb_context *ldb;
+ struct descriptor_data *data;
+
+ ldb = ldb_module_get_ctx(module);
+ data = talloc(module, struct descriptor_data);
+ if (data == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ data->inherit = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"),
+ NULL, "acl", "inheritance", false);
+ ldb_module_set_private(module, data);
+ return ldb_next_init(module);
+}
+
+
_PUBLIC_ const struct ldb_module_ops ldb_descriptor_module_ops = {
.name = "descriptor",
.add = descriptor_add,
.modify = descriptor_modify,
.rename = descriptor_rename,
+ .init_context = descriptor_init
};
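Review bot: The result of `ldb_get_opaque(ldb, "loadparm")` in `descriptor_init` is passed straight to `lp_parm_bool` without a check, so an ldb context opened without a loadparm opaque depends on `lp_parm_bool` tolerating a NULL context, which is not visible here. Fetching it into a local first, e.g. `struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), struct loadparm_context);`, and treating NULL as inheritance off (or failing init) would make the behaviour explicit. Since the default of `false` makes `descriptor_add` skip its descriptor handling, a short comment above the function saying that `acl:inheritance` is read once at module init and defaults to off would tell the next reader which adds go through without this module's processing.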