authorStefan Metzmacher <metze@samba.org>2012-11-18 18:57:03 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:20 +0100
commit990448b4997d1a2423e5dd4da1e37ad51f99bf3a (patch)
tree7b441e938a938fda87c8ed506d155c5b43fcd5e2
parentfa676769e0d5d3f161b295f06f643fdacebb82ca (diff)
s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--selftest/knownfail8
-rw-r--r--selftest/target/Samba4.pm3
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_read.c2
4 files changed, 2 insertions, 13 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index 953056e621..e3341e9590 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -133,7 +133,6 @@
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
-^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default
^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
#^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
^samba4.drs.fsmo.python
@@ -158,13 +157,6 @@
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.getinfo.getinfo # streams on directories does not work
^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
-^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search1\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search2\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search4\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 20114c9541..5988b83642 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -559,11 +559,8 @@ sub provision_raw_step1($$)
warn("can't open $ctx->{smb_conf}$?");
return undef;
}
- my $acl = "false";
- $acl = "true" if (defined $ENV{WITH_ACL});
print CONFFILE "
[global]
- acl:search = $acl
netbios name = $ctx->{netbiosname}
posix:eadb = $ctx->{statedir}/eadb.tdb
workgroup = $ctx->{domain}
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 50af3b2ed4..2cc028f592 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -101,7 +101,7 @@ static int acl_module_init(struct ldb_module *module)
}
data->acl_search = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"),
- NULL, "acl", "search", false);
+ NULL, "acl", "search", true);
ldb_module_set_private(module, data);
mem_ctx = talloc_new(module);
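Review bot: The new default for `acl:search` is written as a bare `true` in this call in acl_module_init and a second time in aclread_init in acl_read.c, so the two modules can silently disagree if one literal is changed later. A shared constant used by both calls would keep this security-relevant default in one place; failing that, a comment above the call such as `/* acl:search defaults to true; setting it to false turns off access checks on search */` would at least make it visible. acl_module_init starts and ends outside the hunk, so how `data->acl_search` is consumed cannot be seen from here.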
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 60b0d87d95..92744f28ba 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -397,7 +397,7 @@ static int aclread_init(struct ldb_module *module)
if (p == NULL) {
return ldb_module_oom(module);
}
- p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", false);
+ p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", true);
ldb_module_set_private(module, p);
return ldb_next_init(module);
}
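Review bot: With checking now on by default, an explicit `acl:search = false` in the configuration is what leaves `p->enabled` false, and aclread_init accepts that silently. Going by the commit title, this flag governs ACL checking on search, so a warning at init would make the opt-out visible in logs: `if (!p->enabled) { ldb_debug(ldb, LDB_DEBUG_WARNING, "acl_read: acl:search is disabled, search results are not access checked"); }`. Installations that set `acl:search = false` explicitly keep the old behaviour after this change, which is worth a sentence in the release notes. The start of aclread_init is outside the hunk.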