s4:dsdb:acl_read: Implement "List Object" mode feature
commit a127fb862b6f9388f788c12ab390dbf8af0270c2
author Stefan Metzmacher <metze@samba.org>
Tue, 13 Oct 2020 10:43:39 +0000 (13 12:43 +0200)
committer Karolin Seeger <kseeger@samba.org>
Mon, 26 Oct 2020 12:17:33 +0000 (26 12:17 +0000)
tree bb96b28243ea5bec21be640b6c969c550ba92126
parent 66e64bf9a61525bd3b0eee111a9860349841fa6a
s4:dsdb:acl_read: Implement "List Object" mode feature

See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility

I tried to avoid any possible overhead for the common cases:

- SEC_ADS_LIST (List Children) is already granted by default
- fDoListObject is off by default

Overhead is only added if the administrator turned on
the fDoListObject feature and removed SEC_ADS_LIST (List Children)
from a parent object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184

(cherry picked from commit 7223f6453b1b38c933c9480c637ffd06d9f39b97)
selftest/knownfail.d/ldap-acl-visibility [deleted file]
source4/dsdb/samdb/ldb_modules/acl_read.c