DSDB-ACL work

Stefan (metze) Metzmacher metze at samba.org
Fri Jan 18 02:00:22 MST 2013


On 18.01.2013 08:17, Andrew Bartlett wrote:
> On Fri, 2013-01-18 at 12:52 +1100, Andrew Bartlett wrote:
>> On Thu, 2013-01-17 at 16:32 +0100, Stefan (metze) Metzmacher wrote:
>>> Hi Andrew,
>>>
>>> can you have a look at my progress on the work to correct the dsdb acl
>>> handling,
>>> it's based on your patches, but reworked in some details to make them
>>> easier to
>>> understand.
>>>
>>> https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master-ready
>>>
>>> I use acl_check_access_on_attribute() in a few more places and introduced
>>> an acl_check_access_on_objectclass() function.
>>>
>>> I haven't done much testing with it yet, but I expect it to work as
>>> desired now.
>>
>> Thank you so much for working on that.  I've read over them, and it
>> seems reasonable, but I need to do more of a review.
>>
>> What is missing is a test for the read ACL stuff, that starts to work
>> after the pre-windows 2000 compatible access patch goes in.
>>
>> I also need to run a wintest (given it did so well at finding ACL bugs
>> in the past).  I'll start that now, hopefully it is in a good mood :-)
> 
> I've run wintest, and a Windows 2003 domain join fails.  I'll send you
> the network trace by private mail, but essentially a SetUserInfo now
> fails with NT_STATUS_UNSUCCESSFUL, when it doesn't with master.

Ok, make test also showed that.

The problem was the missing exception for "clearTextPassword" in
https://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=c7e635413f6c963106

I've updated the master-ready branch.

metze
