ldb = ldb_module_get_ctx(module);
/* Creating an NC. There is probably something we should do here,
* but we will establish that later */
+ /* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.add.message->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.add.message->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(req->op.add.message->dn, (ldb_get_default_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.add.message->dn, (ldb_get_root_basedn(ldb))) == 0)) {
return ldb_next_request(module, req);
}
/* Nope, we don't have delete object. Lets check if we have delete child on the parent */
/* No parent, so check fails */
+ /* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.del.dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.del.dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(req->op.del.dn, (ldb_get_default_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.del.dn, (ldb_get_root_basedn(ldb))) == 0)) {
DEBUG(10,("acl:deleting an NC\n"));
return ldb_module_done(req, NULL, NULL, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS);
}
/* What exactly to do in this case? It would fail anyway.. */
+ /* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.rename.newdn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.rename.newdn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(req->op.rename.newdn, (ldb_get_default_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.rename.newdn, (ldb_get_root_basedn(ldb))) == 0)) {
DEBUG(10,("acl:moving as an NC\n"));
return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
{
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct ldb_dn *root_base_dn = ldb_get_root_basedn(ldb);
+ struct ldb_dn *default_base_dn = ldb_get_default_basedn(ldb);
struct ldb_dn *schema_base_dn = ldb_get_schema_basedn(ldb);
struct ldb_dn *config_base_dn = ldb_get_config_basedn(ldb);
const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
struct dom_sid *sa_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_SCHEMA_ADMINS);
struct dom_sid *dag_sid;
+ /* FIXME: this has to be fixed regarding the forest DN (root DN) and
+ * the domain DN (default DN) - they aren't always the same. */
+
if (ldb_dn_compare_base(schema_base_dn, dn) == 0){
if (security_token_has_sid(token, sa_sid))
dag_sid = dom_sid_dup(mem_ctx, sa_sid);
ac->sd_val = talloc_memdup(ac, &sd_element->values[0], sizeof(struct ldb_val));
}
/* NC's have no parent */
+ /* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+ (ldb_dn_compare(msg->dn, (ldb_get_default_basedn(ldb))) == 0) ||
(ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
ac->parentsd_val = NULL;
} else if (ac->search_res != NULL) {
git.samba.org / samba.git / commitdiff