s4-ldap: mark all ldap:// requests as untrusted
authorAndrew Tridgell <tridge@samba.org>
Tue, 19 Oct 2010 00:22:12 +0000 (11:22 +1100)
committerAndrew Tridgell <tridge@samba.org>
Tue, 19 Oct 2010 00:22:35 +0000 (11:22 +1100)
this allows the rootdse module to filter unregistered controls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/ldap_server/ldap_backend.c

index bab5923231caf77f98f800702130f40a3f8ee782..671e94adce5483ccd4570c6a295f68e85949573e 100644 (file)
@@ -27,6 +27,7 @@
 #include "smbd/service_stream.h"
 #include "dsdb/samdb/samdb.h"
 #include "lib/ldb/include/ldb_errors.h"
+#include "lib/ldb/include/ldb_module.h"
 #include "ldb_wrap.h"
 
 #define VALID_DN_SYNTAX(dn) do {\
@@ -319,6 +320,10 @@ static int ldb_add_with_controls(struct ldb_context *ldb,
                return ret;
        }
 
+       ldb_req_mark_untrusted(req);
+
+       LDB_REQ_SET_LOCATION(req);
+
        ret = ldb_request(ldb, req);
        if (ret == LDB_SUCCESS) {
                ret = ldb_wait(req->handle, LDB_WAIT_ALL);
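Review bot: The untrusted mark is applied by hand just before each `ldb_request()` call (here in ldb_add_with_controls, and again in the modify, delete, rename and search hunks), so a request stays trusted unless the author of each call site remembers to mark it. Any other path in this file that builds an ldb request from LDAP input and is not touched by this diff would still skip the rootdse control filtering, so those paths are worth checking before the filter is relied on. A short comment at the call would record the intent for later maintainers, e.g. `/* request originates from the LDAP wire: mark it so modules can filter client-supplied controls */`. The body of ldb_add_with_controls starts and ends outside the hunk.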
@@ -365,6 +370,10 @@ static int ldb_mod_req_with_controls(struct ldb_context *ldb,
                return ret;
        }
 
+       ldb_req_mark_untrusted(req);
+
+       LDB_REQ_SET_LOCATION(req);
+
        ret = ldb_request(ldb, req);
        if (ret == LDB_SUCCESS) {
                ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -404,6 +413,10 @@ static int ldb_del_req_with_controls(struct ldb_context *ldb,
                return ret;
        }
 
+       ldb_req_mark_untrusted(req);
+
+       LDB_REQ_SET_LOCATION(req);
+
        ret = ldb_request(ldb, req);
        if (ret == LDB_SUCCESS) {
                ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -444,6 +457,10 @@ int ldb_rename_with_controls(struct ldb_context *ldb,
                return ret;
        }
 
+       ldb_req_mark_untrusted(req);
+
+       LDB_REQ_SET_LOCATION(req);
+
        ret = ldb_request(ldb, req);
        if (ret == LDB_SUCCESS) {
                ret = ldb_wait(req->handle, LDB_WAIT_ALL);
@@ -580,6 +597,10 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
        ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);
        ldb_set_timeout(samdb, lreq, req->timelimit);
 
+       ldb_req_mark_untrusted(lreq);
+
+       LDB_REQ_SET_LOCATION(lreq);
+
        ldb_ret = ldb_request(samdb, lreq);
 
        if (ldb_ret != LDB_SUCCESS) {
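Review bot: `ldb_req_mark_untrusted(lreq)` covers the whole request, including the DSDB_CONTROL_SEARCH_APPLY_ACCESS control that the server itself attaches three lines earlier as non-critical and without checking the return value. The rootdse filter is not part of this diff, but if it drops unregistered non-critical controls on untrusted requests, the server's own access-check control could be removed along with the client's unknown ones, and the search would then run without it. It is worth confirming that this control is registered or exempt from the filter, and failing the search when it cannot be added, e.g. `ldb_ret = ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);` followed by the same error path used for `ldb_request`. ldapsrv_SearchRequest starts and ends outside the hunk.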