authorStefan Metzmacher <metze@samba.org>2013-01-17 16:22:09 +0100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commit0ebb93708eb377e29eaaf4400c65399d18c229b6 (patch)
treeaec3d8486a2c600bd00eca348be875ac01d535de
parent8f8d97f9fe05b2de1403676a148ab7b90a83812b (diff)
dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 41c257b999..75b871f0d2 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -1267,7 +1267,9 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
/* Nope, we don't have delete object. Lets check if we have delete
* child on the parent */
ret = dsdb_module_check_access_on_dn(module, req, parent,
- SEC_ADS_DELETE_CHILD, NULL, req);
+ SEC_ADS_DELETE_CHILD,
+ &objectclass->schemaIDGUID,
+ req);
if (ret != LDB_SUCCESS) {
return ret;
}
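Review bot: `&objectclass->schemaIDGUID` is evaluated unconditionally in the new dsdb_module_check_access_on_dn() call, and the hunk does not show where `objectclass` is assigned or checked. If whatever lookup populates it can return NULL, the callee would receive a bogus non-NULL GUID pointer and the access decision would rest on invalid memory rather than failing closed. Please confirm that a guard such as `if (objectclass == NULL) return ldb_operr(ldb_module_get_ctx(module));` precedes this point. The same applies to the identical call added in the acl_rename hunk. Both function bodies start and end outside the hunks.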
@@ -1462,7 +1464,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
/* what about delete child on the current parent */
- ret = dsdb_module_check_access_on_dn(module, req, oldparent, SEC_ADS_DELETE_CHILD, NULL, req);
+ ret = dsdb_module_check_access_on_dn(module, req, oldparent,
+ SEC_ADS_DELETE_CHILD,
+ &objectclass->schemaIDGUID,
+ req);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb_module_get_ctx(module),
"acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn));
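Review bot: The comment `/* what about delete child on the current parent */` no longer explains the call beneath it, because the check now also passes the class GUID of the object being moved. Suggest `/* delete child on the current parent, evaluated against the object's class GUID so that object-specific ACEs are taken into account */`, and the comment above the acl_delete call would benefit from the same wording. That reading of the GUID argument is inferred from the commit title, so adjust the wording if dsdb_module_check_access_on_dn() uses it differently.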