authorStefan Metzmacher <metze@samba.org>2010-12-01 12:18:21 +0100
committerStefan Metzmacher <metze@samba.org>2010-12-13 15:32:04 +0100
commitb85a0d929718681cfaf5cdb6d9b30b47386773e0 (patch)
tree888c58d7383a59dff6214655cebbd153c1986000
parent9a1fb1351f56d14171125378ca55e20c76b356bd (diff)
s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi socket
metze
-rw-r--r--source4/ldap_server/ldap_backend.c20
-rw-r--r--source4/ldap_server/ldap_server.c8
-rw-r--r--source4/ldap_server/ldap_server.h1
3 files changed, 21 insertions, 8 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 01d0376b82..f3c9b01b7e 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -321,7 +321,9 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
return ret;
}
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
LDB_REQ_SET_LOCATION(req);
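Review bot: The guard `if (!call->conn->is_privileged) { ldb_req_mark_untrusted(req); }` is now pasted into five request paths (here in ldapsrv_add_with_controls, and in the mod, del, rename and SearchRequest hunks below), so whether a request is marked untrusted depends on every current and future call site repeating it correctly. Because this marking is where a client's request loses trust, I would move the decision into one static helper, with a comment explaining why the privileged ldapi socket is exempt, and call it from all five places. The helper below is a sketch and its name is only a suggestion; the enclosing functions start and end outside these hunks.

```c
/*
 * Requests are untrusted unless the connection was accepted on the
 * privileged ldapi socket; keep this the only place that decides it.
 */
static void ldapsrv_req_mark_untrusted(struct ldapsrv_call *call,
				       struct ldb_request *req)
{
	if (call->conn->is_privileged) {
		return;
	}
	ldb_req_mark_untrusted(req);
}

/* ... unchanged: request construction in ldapsrv_add_with_controls ... */
	ldapsrv_req_mark_untrusted(call, req);
	LDB_REQ_SET_LOCATION(req);
```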
@@ -372,7 +374,9 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
return ret;
}
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
LDB_REQ_SET_LOCATION(req);
@@ -416,7 +420,9 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
return ret;
}
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
LDB_REQ_SET_LOCATION(req);
@@ -461,7 +467,9 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
return ret;
}
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
LDB_REQ_SET_LOCATION(req);
@@ -600,7 +608,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
ldb_set_timeout(samdb, lreq, req->timelimit);
- ldb_req_mark_untrusted(lreq);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(lreq);
+ }
LDB_REQ_SET_LOCATION(lreq);
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index db775c9a12..21030ba318 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -261,7 +261,8 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
for reading from that socket
*/
static void ldapsrv_accept(struct stream_connection *c,
- struct auth_session_info *session_info)
+ struct auth_session_info *session_info,
+ bool is_privileged)
{
struct ldapsrv_service *ldapsrv_service =
talloc_get_type(c->private_data, struct ldapsrv_service);
@@ -279,6 +280,7 @@ static void ldapsrv_accept(struct stream_connection *c,
stream_terminate_connection(c, "ldapsrv_accept: out of memory");
return;
}
+ conn->is_privileged = is_privileged;
conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
if (conn->sockets.send_queue == NULL) {
@@ -758,7 +760,7 @@ static void ldapsrv_accept_nonpriv(struct stream_connection *c)
"session info");
return;
}
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, false);
}
static const struct stream_server_ops ldap_stream_nonpriv_ops = {
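Review bot: The bare `false` in `ldapsrv_accept(c, session_info, false);` (and the matching `true` in the ldapsrv_accept_priv hunk below) is the only thing that separates a network connection from one whose requests skip ldb_req_mark_untrusted(), and nothing at the call site says so. A short comment on each call, for example `/* network listener: requests stay untrusted */` and `/* privileged ldapi socket: access is limited by the socket's filesystem permissions */`, would make an accidental swap visible in review. The second comment states an assumption these hunks do not show, so confirm it against the code that creates the socket before adding it. Both accept functions start outside their hunks.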
@@ -786,7 +788,7 @@ static void ldapsrv_accept_priv(struct stream_connection *c)
"session info");
return;
}
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, true);
}
static const struct stream_server_ops ldap_stream_priv_ops = {
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index 4d5cae49fc..6f8b433a1c 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -41,6 +41,7 @@ struct ldapsrv_connection {
} sockets;
bool global_catalog;
+ bool is_privileged;
struct {
int initial_timeout;
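Review bot: The new `bool is_privileged;` field has no comment, although it now controls whether requests on the connection are marked untrusted in ldap_backend.c. I would document it where it is declared, e.g. `/* true only when accepted via ldapsrv_accept_priv(); requests on this connection are not passed to ldb_req_mark_untrusted() */`. struct ldapsrv_connection starts before and continues past this hunk.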