s4-dsdb: Explicitly mark some internal ldb requests as trusted

[nivanova/samba.git] / source4 / dsdb / samdb / ldb_modules / acl_util.c

diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index a7bc331f8edf533ca18dab84b1a3df1d2e59c0f7..67b44b5d4d00eb06918f66e15f515f0889e5ca92 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -74,7 +74,8 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
        ret = dsdb_module_search_dn(module, mem_ctx, &acl_res, dn,
                                    acl_attrs,
                                    DSDB_FLAG_NEXT_MODULE |
-                                   DSDB_SEARCH_SHOW_RECYCLED,
+                                   DSDB_SEARCH_SHOW_RECYCLED |
+                                   DSDB_FLAG_TRUSTED,
                                    parent);
        if (ret != LDB_SUCCESS) {
                DEBUG(0,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
@@ -111,7 +112,8 @@ int dsdb_module_check_access_on_guid(struct ldb_module *module,
        ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
                                 acl_attrs,
                                 DSDB_FLAG_NEXT_MODULE |
-                                DSDB_SEARCH_SHOW_RECYCLED,
+                                DSDB_SEARCH_SHOW_RECYCLED |
+                                DSDB_FLAG_TRUSTED,
                                 parent,
                                 "objectGUID=%s", GUID_string(mem_ctx, guid));