summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/acl_read.c
AgeCommit message (Collapse)AuthorFilesLines
2011-05-21s4-dsdb: relax a bit the checks on read acl when dirsync control is specifiedMatthieu Patou1-12/+42
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-15s4-dsdb: Add more information on why we don't check the SD controlMatthieu Patou1-0/+5
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
2011-04-15s4-dsdb: If current attribute list is empty use the one from the requestMatthieu Patou1-1/+1
This will avoid overwritting attribute list made by upper modules. Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
2011-03-20dsdb: read acl, sd can be null and ret == LDB_SUCCESSMatthieu Patou1-1/+1
2011-03-20dsdb: acl_read fix a missed talloc_stealMatthieu Patou1-0/+1
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell1-3/+3
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-08s4-acl: Replaced talloc_reference with talloc_steal, as aclread is the only ↵Nadezhda Ivanova1-6/+3
one using this result message. No need to reference as no one further up the stack uses the result, it is the result of a secondary request sent by aclread. As a result from code review by Kamen Mazdrashki and Anatoliy Atanasov Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 8 15:01:51 CET 2010 on sn-devel-104
2010-12-08s4-acl: Changed the mechanism of attribute removal to speed it up.Nadezhda Ivanova1-41/+88
Instead of using ldb_msg_remove_attr, now we are flagging the attributes to be removed, and allocating the new elements array to be returned at once. This seems to decrease the overhead by 50 percent. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 8 12:00:27 CET 2010 on sn-devel-104
2010-12-06s4-acl: Remove unused variables from aclread module.Nadezhda Ivanova1-8/+0
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Dec 6 16:48:35 CET 2010 on sn-devel-104
2010-12-06s4:acl_read LDB module - fix attributes listMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Dec 6 15:11:44 CET 2010 on sn-devel-104
2010-12-06s4-acl: Some optimisation of the aclread moduleNadezhda Ivanova1-58/+75
Modified the aclread module to now insert the attributes needed to perform access checks in the same request, instead of doind a separate search per entry. Also, instanceType is now used to determine id the object has a parent instead of parentGUID, which saves one additional search in operational. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Dec 6 13:50:19 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Remove rootDSE and anonymous checks from acl_readAndrew Bartlett1-15/+0
The rootdse module handles rootDSE requests, and blocks anonymous access, so we on't need to do it again here. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Remove mem_ctx argument from dsdb_module_find_dsheuristics().Andrew Bartlett1-1/+1
A function that does not return memory should not take a memory context. Andrew Bartlett
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-27s4-ldb: Added the correct extended check for read access to nTSecurityDescriptorNadezhda Ivanova1-1/+1
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
2010-10-27s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova1-6/+5
determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
2010-10-03s4:acl_read LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+2
2010-09-26s4-ldbmodules: Added new module aclread to handle access checks on LDAP searchNadezhda Ivanova1-0/+307
It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet.