From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:04:32 +0000 Subject: r12746: An initial version of the kludge_acls module. This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78) --- source4/lib/ldb/common/ldb_modules.c | 1 + source4/lib/ldb/common/ldb_msg.c | 10 ++++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/lib/ldb') diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 715112a628..f83f0b06ef 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -141,6 +141,7 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) { "rootdse", rootdse_module_init }, { "extended_dn", extended_dn_module_init }, { "password_hash", password_hash_module_init }, + { "kludge_acl", kludge_acl_module_init }, #endif { NULL, NULL } }; diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c index 269599818c..deb32133c1 100644 --- a/source4/lib/ldb/common/ldb_msg.c +++ b/source4/lib/ldb/common/ldb_msg.c @@ -623,11 +623,13 @@ int ldb_msg_copy_attr(struct ldb_message *msg, const char *attr, const char *rep void ldb_msg_remove_attr(struct ldb_message *msg, const char *attr) { struct ldb_message_element *el = ldb_msg_find_element(msg, attr); - int n = (el - msg->elements); - if (n != msg->num_elements-1) { - memmove(el, el+1, ((msg->num_elements-1) - n)*sizeof(*el)); + if (el) { + int n = (el - msg->elements); + if (n != msg->num_elements-1) { + memmove(el, el+1, ((msg->num_elements-1) - n)*sizeof(*el)); + } + msg->num_elements--; } - msg->num_elements--; } /* -- cgit