s4:Disabling read access for anonymous
nivanova at samba.org
Thu Jul 15 15:11:22 MDT 2010
Today I experimentally made read access for unauthenticated users dependent
on dsHeuristics. By default, ANONYMOUS should have access only to rootDSE,
other searches are denied. I did the check in root dse, but I will probably
move it. So, just as I feared, the results in make test were catastrophic.
ldap.ldb tests failed, also a lot of the samr tests. The reason is that
these need access to some data in ldb, and they use anonymous connection.
For samr it was dcesrv_samr_QueryDomainInfo, for the ldap server
ldapsrv_load_limits kept complaining, and other tests. I am sure that we
might get lots of the same errors when regular search access checks are
implemented and we restrict access. So we will need some way to skip acl
checks when the database is accessed internally.
My current idea is the following:
Use the as_system control (which I hate) or some other, and modify the
gendb_search apis to always supply this control. Also add a separate
function for the ldap server that uses it, for the purposes of retrieving
these parameters. Add an acl_search module to handle the search checks, and
put it immediately under root dse, so the other modules of the stack don't
have to bother using the control. I believe this will solve a lot of the
problems and still allow us to have the proper behavior, and given that its
reading and not writing, its not so risky.
What do you guys think?
More information about the samba-technical