diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c index 6145bc7e500..f68f2fc0037 100644 --- a/lib/ldb/common/ldb.c +++ b/lib/ldb/common/ldb.c @@ -1775,6 +1775,10 @@ int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, if (ret != LDB_SUCCESS) goto done; + if(ldb_get_opaque(ldb, "untrusted")){ + ldb_req_mark_untrusted(req); + } + ret = ldb_request(ldb, req); if (ret == LDB_SUCCESS) { diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index a95fe48e487..c7bd7b0ebf4 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -5159,6 +5140,10 @@ int dsdb_search(struct ldb_context *ldb, return ret; } + if(ldb_get_opaque(ldb, "untrusted")){ + ldb_req_mark_untrusted(req); + } + ret = ldb_request(ldb, req); if (ret == LDB_SUCCESS) { ret = ldb_wait(req->handle, LDB_WAIT_ALL); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index b1342cbfe84..e26e689d6f3 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2335,6 +2335,8 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T a_state = h->data; + ldb_set_opaque(a_state->sam_ctx, "untrusted", a_state->account_dn); + /* pull all the group attributes */ ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, a_state->account_dn, &res, attrs); @@ -2636,6 +2639,8 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, a_state = h->data; d_state = a_state->domain_state; + ldb_set_opaque(d_state->sam_ctx, "untrusted", d_state); + status = dsdb_enum_group_mem(d_state->sam_ctx, mem_ctx, a_state->account_dn, &members, &num_members);