From: Andrew Bartlett Date: Mon, 8 Sep 2008 01:09:02 +0000 (+1000) Subject: Don't expose passwords, even to the administrator. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa3f3bab33001770a9d7e33875bf212636f6c128;p=thirdparty%2Fsamba.git Don't expose passwords, even to the administrator. This ensures they don't leak over LDAP, but does not prevent access, as ldbsearch locally still bypasses these controls. Andrew Bartlett
---
diff --git a/source/dsdb/samdb/ldb_modules/kludge_acl.c b/source/dsdb/samdb/ldb_modules/kludge_acl.c
index 2c01594722a..bc998a835a9 100644
--- a/source/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -238,7 +238,6 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld
 {
 switch (ac->user_type) {
 case SECURITY_SYSTEM:
- case SECURITY_ADMINISTRATOR:
 if (ac->allowedAttributesEffective) {
 ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective");
 if (ret != LDB_SUCCESS) {
@@ -252,6 +251,20 @@ static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ld
 }
 }
 break;
+ case SECURITY_ADMINISTRATOR:
+ if (ac->allowedAttributesEffective) {
+ ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective");
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ if (ac->allowedChildClassesEffective) {
+ ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective");
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ /* fall though */
 default:
 /* remove password attributes */
 for (i = 0; data->password_attrs[i]; i++) {
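Review bot: The added `SECURITY_ADMINISTRATOR` case reaches the password-stripping `default:` branch only through a missing `break`, marked by the misspelled `/* fall though */`; because that fall-through is the entire security effect of the commit, it should be spelled so that compiler fall-through checks recognise it and should say why, e.g. `/* fall through: administrators must not receive password attributes */`. The case body is also a verbatim copy of the `SECURITY_SYSTEM` block above it, so the two can drift apart; a small static helper called from both cases would keep them aligned. This callback only strips attributes from returned messages, so it is worth confirming that the search-request side of the module (not visible here) treats administrators the same way when a filter references a password attribute. kludge_acl_callback starts and ends outside the hunk.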