From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:04:32 +0000 Subject: r12746: An initial version of the kludge_acls module. This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78) --- source4/setup/provision | 4 ++-- source4/setup/provision_init.ldif | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 51e62016a8..6974afeec9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -114,10 +114,10 @@ if (!provision_validate(subobj, message)) { } var creds = options.get_credentials(); +var system_session = system_session(); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -message("Credentials: %s\n", creds); -provision(subobj, message, blank, provision_default_paths(subobj), NULL, creds); +provision(subobj, message, blank, provision_default_paths(subobj), system_session, creds); message("All OK\n"); return 0; diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 6d452a17e7..db532f3078 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -69,5 +69,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit