git.samba.org - jra/samba/.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Fri, 6 Jan 2006 21:04:32 +0000 (21:04 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:49:48 +0000 (13:49 -0500)
commit	a8eec313549905724a8186a1a4c14480658e2967
tree	d5508e749de4d304a86a3abfc733b0b529d1c5e6	tree
parent	b51fe793c7cefb693d6d3633272b82238e712abe	commit \| diff

r12746: An initial version of the kludge_acls module.

This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)

Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)

source4/dsdb/samdb/ldb_modules/config.mk		diff \| blob \| history
source4/dsdb/samdb/ldb_modules/kludge_acl.c	[new file with mode: 0644]	blob
source4/lib/ldb/common/ldb_modules.c		diff \| blob \| history
source4/lib/ldb/common/ldb_msg.c		diff \| blob \| history
source4/scripting/ejs/smbcalls_auth.c		diff \| blob \| history
source4/scripting/ejs/smbcalls_ldb.c		diff \| blob \| history
source4/setup/provision		diff \| blob \| history
source4/setup/provision_init.ldif		diff \| blob \| history