author | Andrew Tridgell <tridge@samba.org> | 2010-10-19 11:22:12 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-10-19 11:22:35 +1100 |
commit | 423365d5fa6b66f8be370accedfc6ed04d6df6b3 (patch) | |
tree | ee68d962ad0a8918aa9c231acd1def8119e1147c /source4 | |
parent | 80a4adc062a64e25a9ba0986e426c21599d1a366 (diff) | |
s4-ldap: mark all ldap:// requests as untrusted
this allows the rootdse module to filter unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index bab5923231..671e94adce 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -27,6 +27,7 @@
 #include "smbd/service_stream.h"
 #include "dsdb/samdb/samdb.h"
 #include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb/include/ldb_module.h"
 #include "ldb_wrap.h"
 #define VALID_DN_SYNTAX(dn) do {\
@@ -319,6 +320,10 @@ static int ldb_add_with_controls(struct ldb_context *ldb,
 return ret;
 }
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
 ret = ldb_request(ldb, req);
 if (ret == LDB_SUCCESS) {
 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -365,6 +370,10 @@ static int ldb_mod_req_with_controls(struct ldb_context *ldb,
 return ret;
 }
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
 ret = ldb_request(ldb, req);
 if (ret == LDB_SUCCESS) {
 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -404,6 +413,10 @@ static int ldb_del_req_with_controls(struct ldb_context *ldb,
 return ret;
 }
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
 ret = ldb_request(ldb, req);
 if (ret == LDB_SUCCESS) {
 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -444,6 +457,10 @@ int ldb_rename_with_controls(struct ldb_context *ldb,
 return ret;
 }
+ ldb_req_mark_untrusted(req);
+
+ LDB_REQ_SET_LOCATION(req);
+
 ret = ldb_request(ldb, req);
 if (ret == LDB_SUCCESS) {
 ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -580,6 +597,10 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);
 ldb_set_timeout(samdb, lreq, req->timelimit);
+ ldb_req_mark_untrusted(lreq);
+
+ LDB_REQ_SET_LOCATION(lreq);
+
 ldb_ret = ldb_request(samdb, lreq);
 if (ldb_ret != LDB_SUCCESS) { |
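Review bot: The untrusted marking is opt-in per call site and carries no comment saying why it is there: the same two statements are pasted into ldb_add_with_controls, ldb_mod_req_with_controls, ldb_del_req_with_controls and ldb_rename_with_controls, and again in ldapsrv_SearchRequest, so a request path added to this file later that omits the call would reach `ldb_request()` as trusted. I would put a comment above each call, for example `/* request came from an ldap:// client: mark it untrusted so rootdse filters unregistered controls */`, so the security intent survives later edits. Note also that the hunk header shows ldb_rename_with_controls without `static`, unlike the other three helpers, so any caller outside the LDAP server would get its request marked untrusted as well; either make it `static` or document that this is intended. Each function body begins outside its hunk, so whether other `ldb_request()` callers exist in this file cannot be confirmed from what is shown.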
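Review bot: In ldapsrv_SearchRequest the request is marked untrusted after the server itself has attached DSDB_CONTROL_SEARCH_APPLY_ACCESS, so the flag covers server-added and client-supplied controls alike. If the rootdse filter treats every control on an untrusted request the same way, this internal control has to be registered or exempted, otherwise it may be dropped or the search refused; that cannot be verified from this hunk. The context line `ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);` also ignores its return value, so a failure to attach the access-check control would go unnoticed before the request is issued. A short comment here naming which server-added controls are expected to pass the filter would make that assumption reviewable; the function body begins and ends outside the hunk.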