Need a change to the ACL code
Andrew Bartlett
abartlet at samba.org
Tue Mar 2 13:38:47 MST 2010
On Tue, 2010-03-02 at 15:53 +0200, Nadezhda Ivanova wrote:
> Hi Andrew,
> If I understand correctly, the problem is the acl module will no
> longer receive "rename" requests and therefore cannot handle them?
> One possible solution - the easiest and fastest one - would be to
> split the acl module so that we have a separate rename part, which can
> go under rdn. I can do that and test it easily. Another way is to
> implement some sort of API for ACL checking. It would solve the module
> stack issue, but the checks will be scattered around too much in the
> code. What do you think?
No, it's actually the opposite. At the moment, there is no need to
check that the RDN is permitted to be modified, because a rename will
also have a 'modify' directly before or after it, in the same
transaction.
Now, the rename will not have that associated modify when it passes
though the ACL module.
I'm sorry if I wasn't clear - it's a difficult change to explain :-(
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100303/16c3ce9d/attachment.pgp>
More information about the samba-technical
mailing list