s4: problems with DSDB_TRU
abartlet at samba.org
Thu Feb 3 02:11:20 MST 2011
On Thu, 2011-02-03 at 10:54 +0200, Nadezhda Ivanova wrote:
> Hi Tridge,
> It appears that this patch:
> made it so all requests - internal and external - are now by default
> untrusted, unless the DSDB_TRUSTED_FLAG is provided.
The idea with that patch is that a request is only as trusted as it's
parent. The problem previously was that all requests where marked as
trusted, as soon as they were modified by any module.
> I agree that it is best
> to be paranoid, but the acl_read module counts on the trustedness of the
> request to decide whether to apply access checks. Before it was only the
> ldap server that marked the requests untrusted so we knew to only check and
> filter out external requests based on this flag. Something like this:
That looks wrong. We should only add that flag when we carefully
control the input parameters (such as reading internal records where the
client can't influence things).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical