struct aclread_context *ac;
struct ldb_request *down_req;
struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- struct ldb_control *apply_access = ldb_request_get_control(req, DSDB_CONTROL_SEARCH_APPLY_ACCESS);
struct auth_session_info *session_info;
struct ldb_result *res;
struct ldb_message_element *parent;
struct aclread_private *p;
+ bool is_untrusted = ldb_req_is_untrusted(req);
static const char *acl_attrs[] = {
"parentGUID",
NULL
- };
+ };
+
ldb = ldb_module_get_ctx(module);
p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
- if (apply_access != NULL) {
- apply_access->critical = 0;
- }
+
/* skip access checks if we are system or system control is supplied
* or this is not LDAP server request */
if (!p || !p->enabled ||
dsdb_module_am_system(module)
- || as_system || !apply_access) {
+ || as_system || !is_untrusted) {
return ldb_next_request(module, req);
}
/* no checks on special dn */
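Review bot: The comment above the skip condition still reads "or this is not LDAP server request", but the condition now tests `!is_untrusted`, so the read-ACL filtering runs only for requests that their originator marked with `ldb_req_mark_untrusted()`. That default is fail-open: a front end that builds a search from client input without setting the flag would pass straight to `ldb_next_request()` with no attribute filtering. I would reword the comment to `/* skip access checks if we are system, the as-system control is supplied, or the request was not marked untrusted by its originator */` and add one line saying that every network-facing entry point must mark its requests. The function body continues outside the hunk, so it is not visible here whether the untrusted mark also carries over to `down_req`; that is worth confirming.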
}
}
- ldb_request_add_control(lreq, DSDB_CONTROL_SEARCH_APPLY_ACCESS, false, NULL);
ldb_set_timeout(samdb, lreq, req->timelimit);
ldb_req_mark_untrusted(lreq);
{ LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },
/* DSDB_CONTROL_CHANGEREPLMETADATA_OID is internal only, and has no network representation */
{ DSDB_CONTROL_CHANGEREPLMETADATA_OID, NULL, NULL },
-/* DSDB_CONTROL_SEARCH_APPLY_ACCESS is internal only, and has no network representation */
- { DSDB_CONTROL_SEARCH_APPLY_ACCESS, NULL, NULL },
/* LDB_CONTROL_PROVISION_OID is internal only, and has no network representation */
{ LDB_CONTROL_PROVISION_OID, NULL, NULL },
/* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */