summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-10-27 14:04:03 +0300
committerNadezhda Ivanova <nivanova@samba.org>2010-10-27 11:55:11 +0000
commit3003bd40379b669e8b2cef7a40784f0114344f8e (patch)
tree05820473372336d6ffe459765ae0335d3bc56a65 /source4/dsdb/samdb
parentb1f6a2be271881cb93764b54dc89d35f4467f1fb (diff)
downloadsamba-3003bd40379b669e8b2cef7a40784f0114344f8e.tar.gz
samba-3003bd40379b669e8b2cef7a40784f0114344f8e.tar.bz2
samba-3003bd40379b669e8b2cef7a40784f0114344f8e.zip
s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_read.c11
-rw-r--r--source4/dsdb/samdb/samdb.h3
2 files changed, 5 insertions, 9 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 3b8e60c8fd..78a9e28396 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -195,25 +195,24 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
struct aclread_context *ac;
struct ldb_request *down_req;
struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- struct ldb_control *apply_access = ldb_request_get_control(req, DSDB_CONTROL_SEARCH_APPLY_ACCESS);
struct auth_session_info *session_info;
struct ldb_result *res;
struct ldb_message_element *parent;
struct aclread_private *p;
+ bool is_untrusted = ldb_req_is_untrusted(req);
static const char *acl_attrs[] = {
"parentGUID",
NULL
- };
+ };
+
ldb = ldb_module_get_ctx(module);
p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
- if (apply_access != NULL) {
- apply_access->critical = 0;
- }
+
/* skip access checks if we are system or system control is supplied
* or this is not LDAP server request */
if (!p || !p->enabled ||
dsdb_module_am_system(module)
- || as_system || !apply_access) {
+ || as_system || !is_untrusted) {
return ldb_next_request(module, req);
}
/* no checks on special dn */
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 4a9edbae10..a3d8f7952d 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -192,7 +192,4 @@ struct dsdb_fsmo_extended_op {
struct GUID destination_dsa_guid;
};
-/* applied access checks on LDAP reads */
-#define DSDB_CONTROL_SEARCH_APPLY_ACCESS "1.3.6.1.4.1.7165.4.3.15"
-
#endif /* __SAMDB_H__ */