IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
No need to reference as no one further up the stack uses the result, it is the result of a secondary request sent by aclread.
As a result from code review by Kamen Mazdrashki and Anatoliy Atanasov
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 15:01:51 CET 2010 on sn-devel-104
Instead of using ldb_msg_remove_attr, now we are flagging the attributes to be removed,
and allocating the new elements array to be returned at once. This seems to decrease the
overhead by 50 percent.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 12:00:27 CET 2010 on sn-devel-104
Modified the aclread module to now insert the attributes needed to perform access checks in the same request,
instead of doind a separate search per entry. Also, instanceType is now used to determine id the object has a parent
instead of parentGUID, which saves one additional search in operational.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Dec 6 13:50:19 CET 2010 on sn-devel-104
The rootdse module handles rootDSE requests, and blocks anonymous
access, so we on't need to do it again here.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
