mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
cfeb9fe50e
This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by Samba. Having a second access control system within the LDAP stack is unsafe and this layer is incomplete. The current system gives all accounts that have been given the GUID_DRS_GET_CHANGES extended right SYSTEM access. Currently in Samba this equates to full access to passwords as well as "RODC Filtered attributes" (often used with confidential attributes). Rather than attempting to correctly filter for secrets (passwords) and these filtered attributes, as well as preventing search expressions for both, we leave this complexity to the acl_read module which has this facility already well tested. The implication is that callers will only see and filter by attribute in DirSync that they could without DirSync. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abartlet@samba.org> |
||
---|---|---|
bug-14236 | ||
bug-14810 | ||
claims-client-tool | ||
complex_expressions | ||
dfs_paths | ||
dirsync | ||
dns | ||
dns_packet | ||
dns-aging | ||
durable-v2-delay | ||
empty-domain-name | ||
encrypted_secrets | ||
getncchanges | ||
initshutdown | ||
kdc-salt | ||
keytab | ||
kinit_trust | ||
krb5-no-preauth | ||
labdc | ||
ldap | ||
ldap_spn | ||
lm-hash-support-gone | ||
lzxpress | ||
modify-order | ||
multichannel | ||
netlogon | ||
nt-hash-support-gone | ||
ntlmv1-restrictions | ||
ntlmv2-restrictions | ||
oneway | ||
priv_attr | ||
protected_users | ||
python-segfaults | ||
quota1 | ||
README | ||
replica_sync | ||
rpc-dfs | ||
rpc-netlogon-zerologon | ||
rw-invalid | ||
s3-logging | ||
s3-lsa-server | ||
samba3.rpc.samr | ||
samba3.vfs.fruit | ||
samba4.rpc.netlogon-s3 | ||
samba4.rpc.samr | ||
samba-4.5-emulation | ||
sddl | ||
security-descriptors | ||
sid-strings | ||
silo-client-tool | ||
smb1-tests | ||
smb2.replay | ||
smb2.session | ||
smbcacls | ||
smbclient_machine_auth.plain | ||
smbclient-smb3 | ||
source3-epmapper | ||
srvsvc | ||
symlink | ||
uac_objectclass_restrict | ||
upn_handling | ||
usage | ||
vlv | ||
wkssvc |
# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines beginning with '#' are ignored.
# Please don't add tests to this README!