s4: LSA objects handling in LDAP and "ldb_req_is_untrusted"
Matthias Dieter Wallnöfer
mdw at samba.org
Tue Dec 21 05:00:37 MST 2010
Dochelp (Hongwei Sun) and I have finished the investigation about the
protected LSA objects (e.g. trusted domains). As a conclusion they're
protected on LDAP adds and LDAP modifies but not on LDAP deletes.
In order to achieve this, I would like to propose the following patch:
http://gitweb.samba.org/samba.git/?p=mdw/samba.git;a=commitdiff;h=8ecc3f1ca699668dfeb3c5991c7270fdbe20979a.
But this alone doesn't work due to the call of "ldb_req_is_untrusted" on
a child request and not the original LDAP one.
So what could we do to be able to know if also child requests from an
untrusted request are untrusted as well?
Cheers,
Matthias
More information about the samba-technical
mailing list