diff options
| author | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-19 21:45:07 -0700 |
|---|---|---|
| committer | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-20 14:07:16 -0700 |
| commit | ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f (patch) | |
| tree | e01aa0906aea70d5dde912fdbd39e1857d093a34 /source4 | |
| parent | 3c5d7639624f6a82e75328e30dfd89e8ae728c55 (diff) | |
| download | samba-ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f.tar.gz samba-ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f.tar.bz2 samba-ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f.zip | |
Disable descriptor module unless enabled in smb.conf
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index e74a93c279..7b5b700916 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -42,6 +42,10 @@ #include "auth/auth.h" #include "param/param.h" +struct descriptor_data { + bool inherit; +}; + struct descriptor_context { struct ldb_module *module; struct ldb_request *req; @@ -395,10 +399,15 @@ static int descriptor_add(struct ldb_module *module, struct ldb_request *req) struct descriptor_context *ac; struct ldb_dn *parent_dn; int ret; + struct descriptor_data *data; static const char * const descr_attrs[] = { "nTSecurityDescriptor", NULL }; + data = talloc_get_type(ldb_module_get_private(module), struct descriptor_data); ldb = ldb_module_get_ctx(module); + if (!data->inherit) + return ldb_next_request(module, req); + ldb_debug(ldb, LDB_DEBUG_TRACE, "descriptor_add\n"); if (ldb_dn_is_special(req->op.add.message->dn)) { @@ -452,11 +461,31 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } +static int descriptor_init(struct ldb_module *module) +{ + struct ldb_context *ldb; + struct descriptor_data *data; + + ldb = ldb_module_get_ctx(module); + data = talloc(module, struct descriptor_data); + if (data == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + data->inherit = lp_parm_bool(ldb_get_opaque(ldb, "loadparm"), + NULL, "acl", "inheritance", false); + ldb_module_set_private(module, data); + return ldb_next_init(module); +} + + _PUBLIC_ const struct ldb_module_ops ldb_descriptor_module_ops = { .name = "descriptor", .add = descriptor_add, .modify = descriptor_modify, .rename = descriptor_rename, + .init_context = descriptor_init }; |