s4: LSA objects handling in LDAP and "ldb_req_is_untrusted"
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Jan 14 14:05:03 MST 2011
Here a patch proposal for flag passing from parent requests to childs.
Matthias Dieter Wallnöfer wrote:
> Dochelp (Hongwei Sun) and I have finished the investigation about the
> protected LSA objects (e.g. trusted domains). As a conclusion they're
> protected on LDAP adds and LDAP modifies but not on LDAP deletes.
>
> In order to achieve this, I would like to propose the following patch:
> http://gitweb.samba.org/samba.git/?p=mdw/samba.git;a=commitdiff;h=8ecc3f1ca699668dfeb3c5991c7270fdbe20979a.
>
> But this alone doesn't work due to the call of "ldb_req_is_untrusted"
> on a child request and not the original LDAP one.
>
> So what could we do to be able to know if also child requests from an
> untrusted request are untrusted as well?
>
> Cheers,
> Matthias
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110114/7cd8ee93/attachment.ksh>
More information about the samba-technical
mailing list