s4-dsdb: Explicitly mark some internal ldb requests as trusted
[nivanova/samba.git] / source4 / dsdb / samdb / ldb_modules / rootdse.c
index c5486b539b8fb4f11d8a111dc1772dd79fef3086..0c2d569f85204db3c4d1d9cf32342b861a21cc5b 100644 (file)
@@ -1,6 +1,5 @@
 /*
    Unix SMB/CIFS implementation.
-
    rootDSE ldb module
 
    Copyright (C) Andrew Tridgell 2005
@@ -206,7 +205,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
                int ret;
                const char *dns_attrs[] = { "dNSHostName", NULL };
                ret = dsdb_module_search_dn(module, msg, &res, samdb_server_dn(ldb, msg),
-                                           dns_attrs, DSDB_FLAG_NEXT_MODULE, req);
+                                           dns_attrs, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_TRUSTED, req);
                if (ret == LDB_SUCCESS) {
                        const char *hostname = ldb_msg_find_attr_as_string(res->msgs[0], "dNSHostName", NULL);
                        if (hostname != NULL) {
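Review bot: The `dsdb_module_search_dn` call in rootdse_add_dynamic now sets `DSDB_FLAG_TRUSTED` on a child search whose parent `req` may come from an unauthenticated rootDSE query, and nothing at the call site says why that is acceptable. From the visible lines it looks safe only because the base DN comes from `samdb_server_dn()` and the attribute list is fixed to `dNSHostName`, so the client controls neither what is read nor what is copied into the reply. I would record that next to the call, e.g. `/* trusted: fixed DN and attribute list, nothing here is client-controlled */`, so a later edit that widens `dns_attrs` or takes the DN from the request is noticed as a trust-boundary change. The four `dsdb_module_search` calls in the rootdse_init hunks pass a NULL parent at module init and would benefit from a similar one-line comment. The function body continues outside this hunk.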
@@ -804,7 +803,7 @@ static int rootdse_init(struct ldb_module *module)
        */
        ret = dsdb_module_search(module, mem_ctx, &res,
                                 ldb_get_default_basedn(ldb),
-                                LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE, NULL, NULL);
+                                LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_TRUSTED, NULL, NULL);
        if (ret == LDB_SUCCESS && res->count == 1) {
                int domain_behaviour_version
                        = ldb_msg_find_attr_as_int(res->msgs[0],
@@ -826,7 +825,7 @@ static int rootdse_init(struct ldb_module *module)
 
        ret = dsdb_module_search(module, mem_ctx, &res,
                                 samdb_partitions_dn(ldb, mem_ctx),
-                                LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE, NULL, NULL);
+                                LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_TRUSTED, NULL, NULL);
        if (ret == LDB_SUCCESS && res->count == 1) {
                int forest_behaviour_version
                        = ldb_msg_find_attr_as_int(res->msgs[0],
@@ -850,14 +849,15 @@ static int rootdse_init(struct ldb_module *module)
         * the @ROOTDSE record */
        ret = dsdb_module_search(module, mem_ctx, &res,
                                 ldb_dn_new(mem_ctx, ldb, "@ROOTDSE"),
-                                LDB_SCOPE_BASE, ds_attrs, DSDB_FLAG_NEXT_MODULE, NULL, NULL);
+                                LDB_SCOPE_BASE, ds_attrs, DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_TRUSTED, NULL, NULL);
        if (ret == LDB_SUCCESS && res->count == 1) {
                struct ldb_dn *ds_dn
                        = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0],
                                                  "dsServiceName");
                if (ds_dn) {
                        ret = dsdb_module_search(module, mem_ctx, &res, ds_dn,
-                                                LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE, NULL, NULL);
+                                                LDB_SCOPE_BASE, attrs,
+                                                DSDB_FLAG_NEXT_MODULE|DSDB_FLAG_TRUSTED, NULL, NULL);
                        if (ret == LDB_SUCCESS && res->count == 1) {
                                int domain_controller_behaviour_version
                                        = ldb_msg_find_attr_as_int(res->msgs[0],
@@ -950,7 +950,8 @@ static int dsdb_find_optional_feature(struct ldb_module *module, struct ldb_cont
        ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
                                 NULL,
                                 DSDB_FLAG_NEXT_MODULE |
-                                DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+                                DSDB_SEARCH_SEARCH_ALL_PARTITIONS |
+                                DSDB_FLAG_TRUSTED,
                                 parent,
                                 "(&(objectClass=msDS-OptionalFeature)"
                                 "(msDS-OptionalFeatureGUID=%s))",GUID_string(tmp_ctx, &op_feature_guid));
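Review bot: In dsdb_find_optional_feature the subtree search over all partitions is now marked `DSDB_FLAG_TRUSTED` while still being chained to the caller's `parent` request, so the lookup presumably no longer depends on what the requesting user may read. That makes this function a pure resolver: any authorization for acting on the returned feature object has to be enforced by the caller, which cannot be confirmed from this hunk. The filter itself is built from `GUID_string()` of a parsed `struct GUID`, so the visible code gives no path for client text to reach the filter string, and that is worth stating. I would add a comment above the call such as `/* trusted internal lookup by GUID; callers must authorize the operation before using the result */`. The function starts and ends outside this hunk.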