From: Stefan Metzmacher
Date: Sun, 18 Nov 2012 17:57:03 +0000 (+0100)
Subject: s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=39b425ac31a4497c162ffb29ccc92dbca95def69
s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
Signed-off-by: Stefan Metzmacher
---
diff --git a/selftest/knownfail b/selftest/knownfail
index 953056e621e0..e3341e959018 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -133,7 +133,6 @@
 ^samba4.smb2.acls.*.generic
 ^samba4.smb2.acls.*.inheritflags
 ^samba4.smb2.acls.*.owner
-^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default
 ^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
 #^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
 ^samba4.drs.fsmo.python
@@ -158,13 +157,6 @@
 ^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
 ^samba4.smb2.getinfo.getinfo # streams on directories does not work
 ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
-^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search1\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search2\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search4\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default
 ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
 ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 20114c9541e3..5988b8364253 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -559,11 +559,8 @@ sub provision_raw_step1($$)
 warn("can't open $ctx->{smb_conf}$?");
 return undef;
 }
- my $acl = "false";
- $acl = "true" if (defined $ENV{WITH_ACL});
 print CONFFILE "
 [global]
- acl:search = $acl
 netbios name = $ctx->{netbiosname}
 posix:eadb = $ctx->{statedir}/eadb.tdb
 workgroup = $ctx->{domain}
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index c7a40778b452..853fa20902e0 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -101,7 +101,7 @@ static int acl_module_init(struct ldb_module *module)
 }
 data->acl_search = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"),
- NULL, "acl", "search", false);
+ NULL, "acl", "search", true);
 ldb_module_set_private(module, data);
 mem_ctx = talloc_new(module);
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 60b0d87d9523..92744f28ba77 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -397,7 +397,7 @@ static int aclread_init(struct ldb_module *module)
 if (p == NULL) {
 return ldb_module_oom(module);
 }
- p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", false);
+ p->enabled = lpcfg_parm_bool(ldb_get_opaque(ldb, "loadparm"), NULL, "acl", "search", true);
 ldb_module_set_private(module, p);
 return ldb_next_init(module);
 }
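Review bot: The new default for `acl:search` is hard-coded as a bare `true` in two places, the `lpcfg_parm_bool()` call in acl_module_init here and the one in aclread_init in acl_read.c, so the two modules only agree on whether searches are access-checked as long as both literals are edited together. A single shared definition would remove that risk, for example a `#define` for the default in a header both files already include (name to be chosen by the project), passed as the last argument of both calls. A short comment above the call, such as `/* acl:search defaults to on; "acl:search = false" in smb.conf is the explicit opt-out */`, would also record that the enforcing setting is now the default. acl_module_init starts and ends outside the hunk.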
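Review bot: An smb.conf that still carries `acl:search = false` leaves `p->enabled` false in aclread_init with no trace at startup, and after this change that setting is a deliberate step away from the default rather than the default itself. What `p->enabled` gates is outside the hunk, but from the name and the commit subject it presumably switches the read-ACL filtering of search results off entirely. A warning at init would make that visible to operators and auditors, e.g. `if (!p->enabled) { ldb_debug(ldb, LDB_DEBUG_WARNING, "acl_read: acl:search is disabled, search results are not access-checked"); }` placed right after the assignment. aclread_init starts outside the hunk.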