sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT

Browse Source 
We may need to return child objects even if the base dn
is invisible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2020-10-12 17:59:34 +02:00
parent faff8e6c89
commit e1529bedb2
2 changed files with 23 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
selftest/knownfail.d/ldap-acl-visibility
View File

@ -1,154 +1,50 @@
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_CO_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_Cn_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nO_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Allow_nn_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_CO_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_Cn_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nO_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_Do_Deny_nn_nn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_CO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_CO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_CO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_CO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_Cn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_Cn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_Cn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_Cn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Allow_nn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_CO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_CO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_CO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_CO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_Cn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_Cn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_Cn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_Cn_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nO_nn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_CO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_CO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_CO_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_CO_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_Cn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_Cn_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_Cn_nO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_Cn_nn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_nO_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_nO_Cn
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_nn_CO
^samba4.ldap.acl.python.*.__main__.AclVisibiltyTests.test_visibility_No_Deny_nn_nn_Cn

24
source4/dsdb/samdb/ldb_modules/acl_read.c
View File

@ -52,6 +52,9 @@ struct aclread_context {
bool added_objectClass;
bool indirsync;
bool base_invisible;
uint64_t num_entries;
/* cache on the last parent we checked in this search */
struct ldb_dn *last_parent_dn;
int last_parent_check_ret;
@ -713,10 +716,21 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
}
talloc_free(tmp_ctx);
ac->num_entries++;
return ldb_module_send_entry(ac->req, ret_msg, ares->controls);
case LDB_REPLY_REFERRAL:
return ldb_module_send_referral(ac->req, ares->referral);
case LDB_REPLY_DONE:
if (ac->base_invisible && ac->num_entries == 0) {
/*
* If the base is invisible and we didn't
* returned any object, we need to return
* NO_SUCH_OBJECT.
*/
return ldb_module_done(ac->req,
NULL, NULL,
LDB_ERR_NO_SUCH_OBJECT);
}
return ldb_module_done(ac->req, ares->controls,
ares->response, LDB_SUCCESS);
@ -851,7 +865,15 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
}
ret = aclread_check_object_visible(ac, res->msgs[0], req);
if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
return ldb_module_done(req, NULL, NULL, LDB_ERR_NO_SUCH_OBJECT);
if (req->op.search.scope == LDB_SCOPE_BASE) {
return ldb_module_done(req, NULL, NULL,
LDB_ERR_NO_SUCH_OBJECT);
}
/*
* Defer LDB_ERR_NO_SUCH_OBJECT,
* we may return sub objects
*/
ac->base_invisible = true;
} else if (ret != LDB_SUCCESS) {
return ldb_module_done(req, NULL, NULL, ret);
}