From fab9d94006351793fddd7f06eef7a05c62f8817c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 25 Nov 2010 16:17:10 +1100
Subject: s4-dsdb Remove rootDSE and anonymous checks from acl_read
The rootdse module handles rootDSE requests, and blocks anonymous access, so we on't need to do it again here.
Andrew Bartlett
Autobuild-User: Andrew Bartlett
Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
---
 source4/dsdb/samdb/ldb_modules/acl_read.c | 15 ---------------
 1 file changed, 15 deletions(-)
(limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 3a0f6f34eb..81f9bf6284 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -191,11 +191,9 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 {
 struct ldb_context *ldb;
 int ret;
- bool block_anonymous;
 struct aclread_context *ac;
 struct ldb_request *down_req;
 struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- struct auth_session_info *session_info;
 struct ldb_result *res;
 struct ldb_message_element *parent;
 struct aclread_private *p;
@@ -219,19 +217,6 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
 if (ldb_dn_is_special(req->op.search.base)) {
 return ldb_next_request(module, req);
 }
- /* allow all access to rootDSE */
- if (req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base)) {
- return ldb_next_request(module, req);
- }
-
- session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if (session_info && security_token_is_anonymous(session_info->security_token)) {
- block_anonymous = dsdb_block_anonymous_ops(module);
- if (block_anonymous) {
- return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
- "This request is not allowed to an anonymous connection.");
- }
- }
 /* check accessibility of base */
 if (!ldb_dn_is_null(req->op.search.base)) {
-- cgit
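Review bot: After this deletion nothing in aclread_search records that the anonymous-connection restriction and rootDSE handling are expected to happen in the rootdse module, so the early-return block around `ldb_dn_is_special()` deserves a comment such as `/* rootDSE requests and the dsdb_block_anonymous_ops() restriction are handled by the rootdse module, not here */`. That makes this module's read filtering depend on the rootdse module being loaded ahead of it, an ordering that is not visible on this page and should be confirmed against the module list. A base-scope search with a null base DN that did reach this function would now skip the base accessibility check (it is guarded by `!ldb_dn_is_null(...)`) and fall into code past the end of the hunk. A regression test issuing an anonymous search with anonymous operations blocked would pin what the removed lines used to enforce.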