From 990448b4997d1a2423e5dd4da1e37ad51f99bf3a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Nov 2012 18:57:03 +0100 Subject: s4:dsdb/acl_read: enable acl checking on search by default (bug #8620) Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam --- selftest/knownfail | 8 -------- selftest/target/Samba4.pm | 3 --- source4/dsdb/samdb/ldb_modules/acl.c | 2 +- source4/dsdb/samdb/ldb_modules/acl_read.c | 2 +- 4 files changed, 2 insertions(+), 13 deletions(-) diff --git a/selftest/knownfail b/selftest/knownfail index 953056e621..e3341e9590 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -133,7 +133,6 @@ ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner -^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default ^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items #^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.* ^samba4.drs.fsmo.python @@ -158,13 +157,6 @@ ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess ^samba4.smb2.getinfo.getinfo # streams on directories does not work ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$ -^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search1\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search2\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search3\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search4\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default -^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 20114c9541..5988b83642 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -559,11 +559,8 @@ sub provision_raw_step1($$) warn("can't open $ctx->{smb_conf}$?"); return undef; } - my $acl = "false"; - $acl = "true" if (defined $ENV{WITH_ACL}); print CONFFILE " [global] - acl:search = $acl netbios name = $ctx->{netbiosname} posix:eadb = $ctx->{statedir}/eadb.tdb workgroup = $ctx->{domain} diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 50af3b2ed4..2cc028f592 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -101,7 +101,7 @@ static int acl_module_init(struct ldb_module *module) } data->acl_search = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), - NULL, "acl", "search", false); + NULL, "acl", "search", true); ldb_module_set_private(module, data); mem_ctx = talloc_new(module); diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 60b0d87d95..92744f28ba 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -397,7 +397,7 @@ static int aclread_init(struct ldb_module *module) if (p == NULL) { return ldb_module_oom(module); } - p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", false); + p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", true); ldb_module_set_private(module, p); return ldb_next_init(module); } -- cgit