s4: problems with DSDB_TRU

Andrew Bartlett abartlet at samba.org
Thu Feb 3 02:11:20 MST 2011


On Thu, 2011-02-03 at 10:54 +0200, Nadezhda Ivanova wrote:
> Hi Tridge,
> It appears that this patch:
> http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=87f31510475c6debd56ff874130f4f5d48bef9a5#patch23
> made it so all requests - internal and external - are now by default
> untrusted, unless the DSDB_TRUSTED_FLAG is provided. 

The idea with that patch is that a request is only as trusted as its
parent.  The problem previously was that all requests were marked as
trusted, as soon as they were modified by any module.

> I agree that it is best
> to be paranoid, but the acl_read module counts on the trustedness of the
> request to decide whether to apply access checks. Before it was only the
> ldap server that marked the requests untrusted so we knew to only check and
> filter out external requests based on this flag. Something like this:
> http://gitweb.samba.org/?p=nivanova/samba.git;a=commit;h=ba06cdb413de29fe3e33ef9891dcf61c25cfbbbe

That looks wrong.  We should only add that flag when we carefully
control the input parameters (such as reading internal records where the
client can't influence things). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
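
Added example, not part of the original message and not Samba or ldb code: a simplified C model of the trust propagation discussed in the thread, showing how an access-check module keyed on request trust behaves under the older "any module rewrite makes it trusted" behaviour versus inheriting trust from the parent. All names (`REQ_TRUSTED`, `struct request`, the functions) are hypothetical.

```c
/* Simplified model of request trust through a module stack.
 * Hypothetical names throughout; this is not Samba/ldb code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define REQ_TRUSTED 0x1u /* stands in for an explicit "trusted" flag */

struct request {
    unsigned flags;
    const struct request *parent;
};

/* Older behaviour described in the thread: a request rebuilt by any
 * module came out trusted, whatever its origin. */
static struct request child_always_trusted(const struct request *parent)
{
    struct request c = { REQ_TRUSTED, parent };
    return c;
}

/* Inheriting behaviour: the child is only as trusted as its parent,
 * unless the module explicitly opts in because it controls the input. */
static struct request child_inherit(const struct request *parent, bool opt_in)
{
    struct request c = { parent->flags & REQ_TRUSTED, parent };
    if (opt_in)
        c.flags |= REQ_TRUSTED;
    return c;
}

/* Access-check module keyed on trust: checks apply to untrusted requests. */
static bool acl_checks_apply(const struct request *r)
{
    return (r->flags & REQ_TRUSTED) == 0;
}

/* External (untrusted) request rewritten by two modules in turn:
 * is it still subject to access checks at the bottom of the stack? */
static bool external_still_checked(bool old_behaviour)
{
    struct request ext = { 0, NULL };
    struct request a = old_behaviour ? child_always_trusted(&ext)
                                     : child_inherit(&ext, false);
    struct request b = old_behaviour ? child_always_trusted(&a)
                                     : child_inherit(&a, false);
    return acl_checks_apply(&b);
}

/* Internal lookup issued while serving an external request, with opt-in. */
static bool internal_lookup_checked(void)
{
    struct request ext = { 0, NULL };
    struct request in = child_inherit(&ext, true);
    return acl_checks_apply(&in);
}

int main(void)
{
    printf("old: external checked=%d\n", external_still_checked(true));
    printf("new: external checked=%d\n", external_still_checked(false));
    printf("new: internal opt-in checked=%d\n", internal_lookup_checked());
    return 0;
}
```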


