From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Sat, 25 Sep 2010 10:02:53 +0000 (+0200)
Subject: s4:objectclass LDB module - fix the "crossRef" delete protection
X-Git-Tag: samba-4.0.0alpha14~2378
X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=4768280614b517049ab724026b6867fbee77c6e3;p=samba.git

s4:objectclass LDB module - fix the "crossRef" delete protection

This is what Windows does

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 9ff20319b6e..11d61af4466 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -1423,11 +1423,17 @@ static int objectclass_do_delete(struct oc_context *ac)
 		dn = ldb_msg_find_attr_as_dn(ldb, ac, ac->search_res->message,
 					     "nCName");
 		if ((ldb_dn_compare(dn, ldb_get_default_basedn(ldb)) == 0) ||
-		    (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0) ||
-		    (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0)) {
+		    (ldb_dn_compare(dn, ldb_get_config_basedn(ldb)) == 0)) {
 			talloc_free(dn);
 
-			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the three main partitions!",
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the main or configuration partition!",
+					       ldb_dn_get_linearized(ac->req->op.del.dn));
+			return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF;
+		}
+		if (ldb_dn_compare(dn, ldb_get_schema_basedn(ldb)) == 0) {
+			talloc_free(dn);
+
+			ldb_asprintf_errstring(ldb, "objectclass: Cannot delete %s, it's a crossRef object to the schema partition!",
 					       ldb_dn_get_linearized(ac->req->op.del.dn));
 			return LDB_ERR_UNWILLING_TO_PERFORM;
 		}