diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-18 18:57:03 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:20 +0100 |
commit | 990448b4997d1a2423e5dd4da1e37ad51f99bf3a (patch) | |
tree | 7b441e938a938fda87c8ed506d155c5b43fcd5e2 | |
parent | fa676769e0d5d3f161b295f06f643fdacebb82ca (diff) | |
download | samba-990448b4997d1a2423e5dd4da1e37ad51f99bf3a.tar.gz samba-990448b4997d1a2423e5dd4da1e37ad51f99bf3a.tar.bz2 samba-990448b4997d1a2423e5dd4da1e37ad51f99bf3a.zip |
s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | selftest/knownfail | 8 | ||||
-rw-r--r-- | selftest/target/Samba4.pm | 3 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 2 |
4 files changed, 2 insertions, 13 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 953056e621..e3341e9590 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -133,7 +133,6 @@ ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner -^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default ^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items #^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.* ^samba4.drs.fsmo.python @@ -158,13 +157,6 @@ ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess ^samba4.smb2.getinfo.getinfo # streams on directories does not work ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$ -^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search1\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search2\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search3\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search4\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 20114c9541..5988b83642 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -559,11 +559,8 @@ sub provision_raw_step1($$) warn("can't open $ctx->{smb_conf}$?"); return undef; } - my $acl = "false"; - $acl = "true" if (defined $ENV{WITH_ACL}); print CONFFILE " [global] - acl:search = $acl netbios name = $ctx->{netbiosname} posix:eadb = $ctx->{statedir}/eadb.tdb workgroup = $ctx->{domain} diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 50af3b2ed4..2cc028f592 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -101,7 +101,7 @@ static int acl_module_init(struct ldb_module *module) } data->acl_search = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), - NULL, "acl", "search", false); + NULL, "acl", "search", true); ldb_module_set_private(module, data); mem_ctx = talloc_new(module); diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 60b0d87d95..92744f28ba 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -397,7 +397,7 @@ static int aclread_init(struct ldb_module *module) if (p == NULL) { return ldb_module_oom(module); } - p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", false); + p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", true); ldb_module_set_private(module, p); return ldb_next_init(module); } |