struct ldb_context *ldb;
struct rootdse_context *ac;
struct ldb_request *down_req;
+ bool block_anonymous;
int ret;
ldb = ldb_module_get_ctx(module);
/* see if its for the rootDSE - only a base search on the "" DN qualifies */
if (!(req->op.search.scope == LDB_SCOPE_BASE && ldb_dn_is_null(req->op.search.base))) {
+ struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if (session_info && security_token_is_anonymous(session_info->security_token)) {
+ block_anonymous = dsdb_block_anonymous_ops(module, req);
+ if (block_anonymous && !ldb_dn_is_special(req->op.search.base)) {
+ /* DEBUG(0, ("REq %s", ldb_dn_get_linearized(req->op.search.base))); */
+ return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+ "This request is not allowed to an anonymous connection.");
+ }
+ }
/* Otherwise, pass down to the rest of the stack */
return ldb_next_request(module, req);
}
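Review bot: The anonymous check at `if (session_info && security_token_is_anonymous(session_info->security_token))` fails open: when no `sessionInfo` opaque is set on the ldb, the search is passed down with no restriction at all. If that is intended for internal callers, state it in a comment such as `/* no sessionInfo means an internal caller; only anonymous tokens are restricted */`; otherwise a missing session should be treated like an anonymous one. The plain cast of the opaque pointer could be `talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info)`, keeping in mind that a NULL result then also takes the unrestricted path, and the commented-out `DEBUG` line should be dropped. The exemption for `ldb_dn_is_special()` bases needs a one-line reason, since it decides which DNs an anonymous client can still reach. The enclosing function starts and ends outside the hunk.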
Then stuff these values into an opaque
*/
- ret = ldb_search(ldb, mem_ctx, &res,
+ ret = dsdb_module_search(module, mem_ctx, &res,
ldb_get_default_basedn(ldb),
- LDB_SCOPE_BASE, attrs, NULL);
+ LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE,NULL);
if (ret == LDB_SUCCESS && res->count == 1) {
int domain_behaviour_version
= ldb_msg_find_attr_as_int(res->msgs[0],
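Review bot: The new argument list `LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE,NULL);` is missing the space after the last comma, and the same spelling recurs in the two later converted calls; write `DSDB_FLAG_NEXT_MODULE, NULL);`. The rootDSE search further down is otherwise untouched but has `ds_attrs, NULL` turned into `ds_attrs,NULL`, which is whitespace churn that should be reverted. The enclosing function starts and ends outside the hunk.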
}
}
- ret = ldb_search(ldb, mem_ctx, &res,
+ ret = dsdb_module_search(module, mem_ctx, &res,
samdb_partitions_dn(ldb, mem_ctx),
- LDB_SCOPE_BASE, attrs, NULL);
+ LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE,NULL);
if (ret == LDB_SUCCESS && res->count == 1) {
int forest_behaviour_version
= ldb_msg_find_attr_as_int(res->msgs[0],
ret = ldb_search(ldb, mem_ctx, &res,
ldb_dn_new(mem_ctx, ldb, ""),
- LDB_SCOPE_BASE, ds_attrs, NULL);
+ LDB_SCOPE_BASE, ds_attrs,NULL);
if (ret == LDB_SUCCESS && res->count == 1) {
struct ldb_dn *ds_dn
= ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0],
"dsServiceName");
if (ds_dn) {
- ret = ldb_search(ldb, mem_ctx, &res, ds_dn,
- LDB_SCOPE_BASE, attrs, NULL);
+ ret = dsdb_module_search(module, mem_ctx, &res, ds_dn,
+ LDB_SCOPE_BASE, attrs, DSDB_FLAG_NEXT_MODULE,NULL);
if (ret == LDB_SUCCESS && res->count == 1) {
int domain_controller_behaviour_version
= ldb_msg_find_attr_as_int(res->msgs[0],
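Review bot: The search on the `""` DN is the only lookup left on `ldb_search()` while the others move to `dsdb_module_search()` with `DSDB_FLAG_NEXT_MODULE`, and nothing in the code says why. Presumably it has to enter at the top of the stack so that this module can supply `dsServiceName`; a comment such as `/* rootDSE search: must run through the whole module stack, this module included */` above the call would stop a later cleanup from converting it. As a base search on the null DN it is treated as a rootDSE request by the check added earlier in this commit, so the anonymous block does not apply to it. The enclosing function starts and ends outside the hunk.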