TALLOC_CTX *tmp_ctx = talloc_new(req);
NTSTATUS status;
uint32_t access_granted;
+ const char *rdn_name;
static const char *acl_attrs[] = {
"nTSecurityDescriptor",
"objectClass",
return LDB_ERR_OPERATIONS_ERROR;
};
+ rdn_name = ldb_dn_get_rdn_name(req->op.rename.olddn);
+ if (rdn_name == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ guid = attribute_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb),
+ rdn_name);
+ if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
+ &new_node, &new_node)) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ };
+
ret = get_sd_from_ldb_message(req, acl_res->msgs[0], &sd);
if (ret != LDB_SUCCESS) {
self.delete_force(self.ldb_admin, "CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn)
self.delete_force(self.ldb_admin, "CN=test_rename_user2,OU=test_rename_ou1," + self.base_dn)
self.delete_force(self.ldb_admin, "CN=test_rename_user5,OU=test_rename_ou1," + self.base_dn)
+ self.delete_force(self.ldb_admin, "OU=test_rename_ou3,OU=test_rename_ou1," + self.base_dn)
self.delete_force(self.ldb_admin, "OU=test_rename_ou1," + self.base_dn)
if self.SAMBA:
self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
% rename_user_dn )
self.assertNotEqual( res, [] )
+ def test_rename_u8(self):
+ """Test rename on an object with and without modify access on the RDN attribute"""
+ ou1_dn = "OU=test_rename_ou1," + self.base_dn
+ ou2_dn = "OU=test_rename_ou2," + ou1_dn
+ ou3_dn = "OU=test_rename_ou3," + ou1_dn
+ # Create OU structure
+ self.create_ou(self.ldb_admin, ou1_dn)
+ self.create_ou(self.ldb_admin, ou2_dn)
+ sid = self.get_object_sid(self.get_user_dn(self.regular_user))
+ mod = "(OA;;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+ self.dacl_add_ace(ou2_dn, mod)
+ mod = "(OD;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+ self.dacl_add_ace(ou2_dn, mod)
+ try:
+ self.ldb_user.rename(ou2_dn, ou3_dn)
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+ else:
+ # This rename operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+ self.fail()
+ sid = self.get_object_sid(self.get_user_dn(self.regular_user))
+ mod = "(A;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
+ self.dacl_add_ace(ou2_dn, mod)
+ self.ldb_user.rename(ou2_dn, ou3_dn)
+ res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
+ % ou2_dn )
+ self.assertEqual( res, [] )
+ res = self.ldb_admin.search( self.base_dn, expression="(distinguishedName=%s)" \
+ % ou3_dn )
+ self.assertNotEqual( res, [] )
+
# Important unit running information
if not "://" in host:
git.samba.org / kamenim / samba.git / commitdiff