author | Stefan Metzmacher <metze@samba.org> | 2010-12-01 12:18:21 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-12-13 15:32:04 +0100 |
commit | b85a0d929718681cfaf5cdb6d9b30b47386773e0 (patch) | |
tree | 888c58d7383a59dff6214655cebbd153c1986000 | |
parent | 9a1fb1351f56d14171125378ca55e20c76b356bd (diff) | |
s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi socket
metze
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 20 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 8 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 1 |
3 files changed, 21 insertions, 8 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 01d0376b82..f3c9b01b7e 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -321,7 +321,9 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
 return ret;
 }
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
 LDB_REQ_SET_LOCATION(req);
@@ -372,7 +374,9 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
 return ret;
 }
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
 LDB_REQ_SET_LOCATION(req);
@@ -416,7 +420,9 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
 return ret;
 }
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
 LDB_REQ_SET_LOCATION(req);
@@ -461,7 +467,9 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
 return ret;
 }
- ldb_req_mark_untrusted(req);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(req);
+ }
 LDB_REQ_SET_LOCATION(req);
@@ -600,7 +608,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 ldb_set_timeout(samdb, lreq, req->timelimit);
- ldb_req_mark_untrusted(lreq);
+ if (!call->conn->is_privileged) {
+ ldb_req_mark_untrusted(lreq);
+ }
 LDB_REQ_SET_LOCATION(lreq);
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index db775c9a12..21030ba318 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -261,7 +261,8 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
 for reading from that socket */
 static void ldapsrv_accept(struct stream_connection *c,
- struct auth_session_info *session_info)
+ struct auth_session_info *session_info,
+ bool is_privileged)
 {
 struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private_data, struct ldapsrv_service);
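Review bot: The `if (!call->conn->is_privileged)` guard is copied into five request builders (ldapsrv_add_with_controls, and the same block in the mod, del, rename and ldapsrv_SearchRequest hunks), so the trust decision for the privileged ldapi socket now lives in five places. Because the default state of a request is trusted, any request path that omits this block would run unmarked on every connection, not only the privileged one. I would move the decision into one static helper and call it from each site, as sketched below; the helper name is only a suggestion. Whether other handlers in ldap_backend.c build ldb requests cannot be seen from these hunks and should be checked, and all five enclosing functions start and end outside the hunks.

```c
/* Requests arriving on the privileged ldapi socket stay trusted;
 * every other connection gets its requests marked untrusted. */
static void ldapsrv_req_set_trust(struct ldapsrv_call *call,
				  struct ldb_request *req)
{
	if (!call->conn->is_privileged) {
		ldb_req_mark_untrusted(req);
	}
}

/* … unchanged: request construction in ldapsrv_add_with_controls … */
	ldapsrv_req_set_trust(call, req);
	LDB_REQ_SET_LOCATION(req);
```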
@@ -279,6 +280,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 stream_terminate_connection(c, "ldapsrv_accept: out of memory");
 return;
 }
+ conn->is_privileged = is_privileged;
 conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
 if (conn->sockets.send_queue == NULL) {
@@ -758,7 +760,7 @@ static void ldapsrv_accept_nonpriv(struct stream_connection *c)
 "session info");
 return;
 }
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, false);
 }
 static const struct stream_server_ops ldap_stream_nonpriv_ops = {
@@ -786,7 +788,7 @@ static void ldapsrv_accept_priv(struct stream_connection *c)
 "session info");
 return;
 }
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, true);
 }
 static const struct stream_server_ops ldap_stream_priv_ops = {
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index 4d5cae49fc..6f8b433a1c 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -41,6 +41,7 @@ struct ldapsrv_connection {
 } sockets;
 bool global_catalog;
+ bool is_privileged;
 struct {
 int initial_timeout; |
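Review bot: The new `bool is_privileged;` member of struct ldapsrv_connection carries an access-control decision but has no comment saying what sets it or what it switches off. Going by the ldap_server.c hunks it is true only when the connection was accepted through ldapsrv_accept_priv, and the ldap_backend.c hunks then skip ldb_req_mark_untrusted() for requests on it. I would add above the field `/* true only for connections accepted via ldapsrv_accept_priv (privileged ldapi socket); requests on them are not marked untrusted */`. The flag presumably relies on access to that socket being restricted elsewhere, which is not visible here and is worth stating in the same comment once confirmed. The struct starts and ends outside the hunk.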