diff options
author | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-21 17:27:50 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-21 17:27:50 -0700 |
commit | 10c6f3f71a4fe3e36e2a0476dc0077187371fafb (patch) | |
tree | 927a846bae4922c8eb6dea848479ddcd54814a21 /source4/dsdb/samdb/ldb_modules/kludge_acl.c | |
parent | 13b979b03d86f3ae43dc5fd539fa5d3f22f579a0 (diff) | |
download | samba-10c6f3f71a4fe3e36e2a0476dc0077187371fafb.tar.gz samba-10c6f3f71a4fe3e36e2a0476dc0077187371fafb.tar.bz2 samba-10c6f3f71a4fe3e36e2a0476dc0077187371fafb.zip |
Initial Implementation of the DS objects access checks.
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/kludge_acl.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/kludge_acl.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 15db491171..34f848de8a 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -35,6 +35,7 @@ #include "auth/auth.h" #include "libcli/security/security.h" #include "dsdb/samdb/samdb.h" +#include "param/param.h" /* Kludge ACL rules: * @@ -46,6 +47,7 @@ struct kludge_private_data { const char **password_attrs; + bool acl_perform; }; static enum security_user_level what_is_user(struct ldb_module *module) @@ -325,6 +327,9 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) data = talloc_get_type(ldb_module_get_private(module), struct kludge_private_data); + if (data && data->acl_perform) + return ldb_next_request(module, req); + ac->module = module; ac->req = req; ac->user_type = what_is_user(module); @@ -397,6 +402,12 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); enum security_user_level user_type = what_is_user(module); + struct kludge_private_data *data = talloc_get_type(ldb_module_get_private(module), + struct kludge_private_data); + + if (data->acl_perform) + return ldb_next_request(module, req); + switch (user_type) { case SECURITY_SYSTEM: case SECURITY_ADMINISTRATOR: @@ -459,6 +470,8 @@ static int kludge_acl_init(struct ldb_module *module) } data->password_attrs = NULL; + data->acl_perform = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"), + NULL, "acl", "perform", false); ldb_module_set_private(module, data); if (!mem_ctx) { |