2025-01-10 01:18:15 +03:00 · 2010-12-01 12:18:21 +01:00 · 2010-12-01 12:18:21 +01:00 · b85a0d9297
commit b85a0d9297
parent 9a1fb1351f
3 changed files with 21 additions and 8 deletions
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@ -321,7 +321,9 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
 		return ret;
 	}

-	ldb_req_mark_untrusted(req);
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}

 	LDB_REQ_SET_LOCATION(req);

@ -372,7 +374,9 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
 		return ret;
 	}

-	ldb_req_mark_untrusted(req);
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}

 	LDB_REQ_SET_LOCATION(req);

@ -416,7 +420,9 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
 		return ret;
 	}

-	ldb_req_mark_untrusted(req);
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}

 	LDB_REQ_SET_LOCATION(req);

@ -461,7 +467,9 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
 		return ret;
 	}

-	ldb_req_mark_untrusted(req);
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(req);
+	}

 	LDB_REQ_SET_LOCATION(req);

@ -600,7 +608,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)

 	ldb_set_timeout(samdb, lreq, req->timelimit);

-	ldb_req_mark_untrusted(lreq);
+	if (!call->conn->is_privileged) {
+		ldb_req_mark_untrusted(lreq);
+	}

 	LDB_REQ_SET_LOCATION(lreq);

--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@ -261,7 +261,8 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq);
  for reading from that socket
 */
 static void ldapsrv_accept(struct stream_connection *c,
-			   struct auth_session_info *session_info)
+			   struct auth_session_info *session_info,
+			   bool is_privileged)
 {
 	struct ldapsrv_service *ldapsrv_service = 
 		talloc_get_type(c->private_data, struct ldapsrv_service);
@ -279,6 +280,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 		stream_terminate_connection(c, "ldapsrv_accept: out of memory");
 		return;
 	}
+	conn->is_privileged = is_privileged;

 	conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
 	if (conn->sockets.send_queue == NULL) {
@ -758,7 +760,7 @@ static void ldapsrv_accept_nonpriv(struct stream_connection *c)
 					    "session info");
 		return;
 	}
-	ldapsrv_accept(c, session_info);
+	ldapsrv_accept(c, session_info, false);
 }

 static const struct stream_server_ops ldap_stream_nonpriv_ops = {
@ -786,7 +788,7 @@ static void ldapsrv_accept_priv(struct stream_connection *c)
 					    "session info");
 		return;
 	}
-	ldapsrv_accept(c, session_info);
+	ldapsrv_accept(c, session_info, true);
 }

 static const struct stream_server_ops ldap_stream_priv_ops = {
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@ -41,6 +41,7 @@ struct ldapsrv_connection {
 	} sockets;

 	bool global_catalog;
+	bool is_privileged;

 	struct {
 		int initial_timeout;