Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 11 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.h | 3 |
2 files changed, 5 insertions, 9 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 3b8e60c8fd..78a9e28396 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -195,25 +195,24 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 struct aclread_context *ac;
 struct ldb_request *down_req;
 struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- struct ldb_control *apply_access = ldb_request_get_control(req, DSDB_CONTROL_SEARCH_APPLY_ACCESS);
 struct auth_session_info *session_info;
 struct ldb_result *res;
 struct ldb_message_element *parent;
 struct aclread_private *p;
+ bool is_untrusted = ldb_req_is_untrusted(req);
 static const char *acl_attrs[] = {
 "parentGUID",
 NULL
- };
+ };
+
 ldb = ldb_module_get_ctx(module);
 p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
- if (apply_access != NULL) {
- apply_access->critical = 0;
- }
+
 /* skip access checks if we are system or system control is supplied
 * or this is not LDAP server request */
 if (!p || !p->enabled || dsdb_module_am_system(module)
- || as_system || !apply_access) {
+ || as_system || !is_untrusted) {
 return ldb_next_request(module, req);
 }
 /* no checks on special dn */
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 4a9edbae10..a3d8f7952d 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -192,7 +192,4 @@ struct dsdb_fsmo_extended_op {
 struct GUID destination_dsa_guid;
 };
 
-/* applied access checks on LDAP reads */
-#define DSDB_CONTROL_SEARCH_APPLY_ACCESS "1.3.6.1.4.1.7165.4.3.15"
-
 #endif /* __SAMDB_H__ */
|
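Review bot: The new guard `|| as_system || !is_untrusted` in aclread_search (acl_read.c) makes read-ACL filtering depend solely on the request carrying the untrusted mark, so a search that reaches this module without that mark is passed down unchecked. The comment above it still reads "or this is not LDAP server request", which no longer describes the test; I would change it to `/* skip access checks if we are system, the as-system control is supplied, or the request is not marked untrusted */`. Since the default is now to skip checks, it is worth confirming that every path which re-issues a client search as a new request keeps the mark; that propagation is not visible here. The body of aclread_search begins before and continues after this hunk.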