git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
60c29a5
)
s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug...
author
Stefan Metzmacher
<metze@samba.org>
Sat, 24 Nov 2012 09:06:13 +0000
(10:06 +0100)
committer
Michael Adam
<obnox@samba.org>
Fri, 30 Nov 2012 16:17:21 +0000
(17:17 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
source4/dsdb/samdb/ldb_modules/acl.c
patch
|
blob
|
history
diff --git
a/source4/dsdb/samdb/ldb_modules/acl.c
b/source4/dsdb/samdb/ldb_modules/acl.c
index 4a288f152fffe4dbf5da3e4ebaeed849f48f6171..9bf261225ec67946bfa55f8cb14012ece4386c61 100644
(file)
--- a/
source4/dsdb/samdb/ldb_modules/acl.c
+++ b/
source4/dsdb/samdb/ldb_modules/acl.c
@@
-1230,6
+1230,18
@@
static int acl_delete(struct ldb_module *module, struct ldb_request *req)
}
talloc_free(nc_root);
+ if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID)) {
+ ret = dsdb_module_check_access_on_dn(module, req,
+ req->op.del.dn,
+ SEC_ADS_DELETE_TREE, NULL,
+ req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ return ldb_next_request(module, req);
+ }
+
/* First check if we have delete object right */
ret = dsdb_module_check_access_on_dn(module, req, req->op.del.dn,
SEC_STD_DELETE, NULL, req);