s4: problems with DSDB_TRU

Nadezhda Ivanova nivanova at samba.org
Thu Feb 3 01:54:10 MST 2011

Hi Tridge,
It appears that this patch:
made it so all requests - internal and external - are now by default
untrusted, unless the DSDB_TRUSTED_FLAG is provided. I agree that it is best
to be paranoid, but the acl_read module counts on the trustedness of the
request to decide whether to apply access checks. Before it was only the
ldap server that marked the requests untrusted so we knew to only check and
filter out external requests based on this flag. Something like this:

However, now the acl_read module is also checking and hiding attributes and
entries from internal requests, and that messes up tests when it is enabled.
I kind of fixed this my marking explicitly all internal requests as trusted
in the modules preceding acl_read, but it does not seem to be the right way.
For one thing, it will be very easy to forget to set that flag if a new
module is introduced or moved, and as most people write tests as the
Administrator, problems caused by this will not be noticed until too late.
Is there any particular reason for all requests to be untrusted? Can we
introduce some functions to be used always internally so that we always mark
internal requests as trusted?


More information about the samba-technical mailing list