diff options
| author | Matthieu Patou <mat@matws.net> | 2012-12-30 02:27:25 -0800 |
|---|---|---|
| committer | Matthieu Patou <mat@matws.net> | 2013-01-17 00:20:45 -0800 |
| commit | a0c59b4da1c5d8637c92e65c7cf54bb82bc8fca5 (patch) | |
| tree | 2c1485456cf2fbbb280d1379b5ddb7f0c24207b8 /source4/dsdb/samdb | |
| parent | 961a1fbbbccb7fbb14634ec230985f3fd000b050 (diff) | |
| download | samba-a0c59b4da1c5d8637c92e65c7cf54bb82bc8fca5.tar.gz samba-a0c59b4da1c5d8637c92e65c7cf54bb82bc8fca5.tar.bz2 samba-a0c59b4da1c5d8637c92e65c7cf54bb82bc8fca5.zip | |
dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user shouldn't see
This fix frequent reindexing when using python script with a
user that is not system.
The reindexing is caused by ACL module hidding (removing) attributes in
the search request for all attributes in dn=@ATTRIBUTES and because
dsdb_schema_set_indices_and_attributes checks that the list of
attributes that it just calculated from the schema is the same as the
list written in @ATTRIBUTES, if not the list is replaced and a
reindexing is triggered.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index e5597710e8..2504568764 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -1644,6 +1644,10 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req) int ret; unsigned int i; + if (ldb_dn_is_special(req->op.search.base)) { + return ldb_next_request(module, req); + } + ldb = ldb_module_get_ctx(module); ac = talloc_zero(req, struct acl_context); |