sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2013-01-17 16:22:09 +01:00
parent 8f8d97f9fe
commit 0ebb93708e
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
source4/dsdb/samdb/ldb_modules/acl.c
View File

@ -1267,7 +1267,9 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
/* Nope, we don't have delete object. Lets check if we have delete
* child on the parent */
ret = dsdb_module_check_access_on_dn(module, req, parent,
SEC_ADS_DELETE_CHILD, NULL, req);
SEC_ADS_DELETE_CHILD,
&objectclass->schemaIDGUID,
req);
if (ret != LDB_SUCCESS) {
return ret;
}
@ -1462,7 +1464,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
/* what about delete child on the current parent */
ret = dsdb_module_check_access_on_dn(module, req, oldparent, SEC_ADS_DELETE_CHILD, NULL, req);
ret = dsdb_module_check_access_on_dn(module, req, oldparent,
SEC_ADS_DELETE_CHILD,
&objectclass->schemaIDGUID,
req);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb_module_get_ctx(module),
"acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn));