DSDB-ACL work
Andrew Bartlett
abartlet at samba.org
Fri Jan 18 00:17:15 MST 2013
On Fri, 2013-01-18 at 12:52 +1100, Andrew Bartlett wrote:
> On Thu, 2013-01-17 at 16:32 +0100, Stefan (metze) Metzmacher wrote:
> > Hi Andrew,
> >
> > can you have a look at my progress on the work to correct the dsdb acl
> > handling? It's based on your patches, but reworked in some details to
> > make them easier to understand.
> >
> > https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master-ready
> >
> > I use acl_check_access_on_attribute() in a few more places and introduced
> > an acl_check_access_on_objectclass() function.
> >
> > I haven't done much testing with it yet, but I expect it to work as
> > desired now.
>
> Thank you so much for working on that. I've read over them, and it
> seems reasonable, but I need to do more of a review.
>
> What is missing is a test for the read ACL stuff, that starts to work
> after the pre-windows 2000 compatible access patch goes in.
>
> I also need to run a wintest (given it did so well at finding ACL bugs
> in the past). I'll start that now, hopefully it is in a good mood :-)

I've run wintest, and a Windows 2003 domain join fails. I'll send you
the network trace by private mail, but essentially a SetUserInfo now
fails with NT_STATUS_UNSUCCESSFUL, when it doesn't with master.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org