From 677e0fb9659abe1ad684dd980d61b88caad9f8a2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 4 Dec 2008 15:40:31 +0100
Subject: s4:kludge_acl: allow everybody to read the sequence number

metze
---
 source4/dsdb/samdb/ldb_modules/kludge_acl.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 6acbf45afd..97179a8126 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -417,6 +417,32 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
 }
 }
 
+static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *req)
+{
+ enum security_user_level user_type;
+
+ /* allow everybody to read the sequence number */
+ if (strcmp(req->op.extended.oid,
+ LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
+ return ldb_next_request(module, req);
+ }
+
+ user_type = what_is_user(module);
+
+ switch (user_type) {
+ case SECURITY_SYSTEM:
+ case SECURITY_ADMINISTRATOR:
+ return ldb_next_request(module, req);
+ default:
+ ldb_asprintf_errstring(module->ldb,
+ "kludge_acl_change: "
+ "attempted database modify not permitted. "
+ "User %s is not SYSTEM or an administrator",
+ user_name(req, module));
+ return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+ }
+}
+
 static int kludge_acl_init(struct ldb_module *module)
 {
 int ret, i;
@@ -494,6 +520,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_kludge_acl_module_ops = {
 .modify = kludge_acl_change,
 .del = kludge_acl_change,
 .rename = kludge_acl_change,
- .extended = kludge_acl_change,
+ .extended = kludge_acl_extended,
 .init_context = kludge_acl_init
 };
-- 
cgit
From 0f74de3d37cdb03f622d9cdc1cdcc4aa6ede5ce3 Mon Sep 17 00:00:00 2001
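Review bot: The denial branch of the new kludge_acl_extended() still emits `kludge_acl_change: attempted database modify not permitted`, text carried over from the write handler, so a refused extended operation is reported as a failed modify under the wrong function name. Naming the function and the refused OID would make denials traceable, e.g. `"kludge_acl_extended: extended operation %s not permitted. "` with `req->op.extended.oid` passed before `user_name(req, module)`. The `strcmp()` on `req->op.extended.oid` runs before any user-level check and assumes the OID is non-NULL, which this hunk does not show; if ldb does not guarantee that, guard it with `req->op.extended.oid != NULL &&`. I would also widen the comment to `/* exempt from the user-level check: only the sequence number read; every other OID needs SYSTEM or administrator */` so that later additions to the exemption are made deliberately.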
From: Stefan Metzmacher
Date: Fri, 5 Dec 2008 13:29:58 +0100
Subject: s4:password_hash: really catch the clearTextPasswordAttr case...

This fixes the creation of the user object for incoming trusts in dcesrv_lsa_CreateTrustedDomain_base(). And now w2k3 trust samba4 just fine:-)
metze
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index cef1bf79f7..1707baba58 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1641,7 +1641,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd");
 lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
 
- if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) {
+ if ((!sambaAttr) && (!clearTextPasswordAttr) && (!ntAttr) && (!lmAttr)) {
 return ldb_next_request(module, req);
 }
 
-- 
cgit
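Review bot: The pass-through test now names four password attributes by hand, and this fix exists because one of them was missing from it, so the `if` deserves a comment such as `/* every password attribute looked up above must be tested here, or an add carrying it is handed to the next module without being processed by this one */`. The lookup that sets `clearTextPasswordAttr` and the rest of password_hash_add() lie outside the hunk, so whether any other password-bearing attribute is still missing from the test cannot be checked from here. The context lines read `req->op.mod.message` inside an add handler; if that relies on the add and modify members sharing a layout, `req->op.add.message` would state the intent directly.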