diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c index 8ca8607b925..6dcc3c9b36e 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_read.c +++ b/source4/dsdb/samdb/ldb_modules/acl_read.c @@ -860,7 +860,7 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) int ret; struct aclread_context *ac; struct ldb_request *down_req; - struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID); + bool am_system; struct ldb_result *res; struct aclread_private *p; bool need_sd = false; @@ -877,11 +877,16 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req) ldb = ldb_module_get_ctx(module); p = talloc_get_type(ldb_module_get_private(module), struct aclread_private); + am_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID) != NULL; + if (!am_system) { + am_system = dsdb_module_am_system(module); + } + /* skip access checks if we are system or system control is supplied * or this is not LDAP server request */ if (!p || !p->enabled || - dsdb_module_am_system(module) - || as_system || !is_untrusted) { + am_system || + !is_untrusted) { return ldb_next_request(module, req); } /* no checks on special dn */ |