s4: problems with DSDB_TRU

Andrew Bartlett abartlet at samba.org
Thu Feb 3 02:11:20 MST 2011

On Thu, 2011-02-03 at 10:54 +0200, Nadezhda Ivanova wrote:
> Hi Tridge,
> It appears that this patch:
> http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=87f31510475c6debd56ff874130f4f5d48bef9a5#patch23
> made it so all requests - internal and external - are now by default
> untrusted, unless the DSDB_TRUSTED_FLAG is provided. 

The idea with that patch is that a request is only as trusted as it's
parent.  The problem previously was that all requests where marked as
trusted, as soon as they were modified by any module.

> I agree that it is best
> to be paranoid, but the acl_read module counts on the trustedness of the
> request to decide whether to apply access checks. Before it was only the
> ldap server that marked the requests untrusted so we knew to only check and
> filter out external requests based on this flag. Something like this:
> http://gitweb.samba.org/?p=nivanova/samba.git;a=commit;h=ba06cdb413de29fe3e33ef9891dcf61c25cfbbbe

That looks wrong.  We should only add that flag when we carefully
control the input parameters (such as reading internal records where the
client can't influence things). 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

More information about the samba-technical mailing list