authorStefan Metzmacher <metze@samba.org>2008-12-04 15:40:31 +0100
committerStefan Metzmacher <metze@samba.org>2008-12-04 15:45:16 +0100
commit677e0fb9659abe1ad684dd980d61b88caad9f8a2 (patch)
tree3f6af17089ea28c56aea8914f60243be18a173be
parent180245fce0f0d73d924ca6a25db3fc78934c40d1 (diff)
s4:kludge_acl: allow everybody to read the sequence number
metze
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 6acbf45afd..97179a8126 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -417,6 +417,32 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
}
}
+static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *req)
+{
+ enum security_user_level user_type;
+
+ /* allow everybody to read the sequence number */
+ if (strcmp(req->op.extended.oid,
+ LDB_EXTENDED_SEQUENCE_NUMBER) == 0) {
+ return ldb_next_request(module, req);
+ }
+
+ user_type = what_is_user(module);
+
+ switch (user_type) {
+ case SECURITY_SYSTEM:
+ case SECURITY_ADMINISTRATOR:
+ return ldb_next_request(module, req);
+ default:
+ ldb_asprintf_errstring(module->ldb,
+ "kludge_acl_change: "
+ "attempted database modify not permitted. "
+ "User %s is not SYSTEM or an administrator",
+ user_name(req, module));
+ return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
+ }
+}
+
static int kludge_acl_init(struct ldb_module *module)
{
int ret, i;
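Review bot: The denial branch of `kludge_acl_extended` reuses the error text of `kludge_acl_change`, so a rejected extended operation is reported as `kludge_acl_change: attempted database modify not permitted`, which points anyone triaging access-denied errors at the wrong code path and operation type. I would change the two literals to `"kludge_acl_extended: "` and `"attempted extended operation not permitted. "`. The `strcmp` on `req->op.extended.oid` also runs for every caller before any privilege check; whether ldb guarantees a non-NULL oid at this point is not visible in the hunk, so consider `if (req->op.extended.oid != NULL && strcmp(req->op.extended.oid, LDB_EXTENDED_SEQUENCE_NUMBER) == 0)`. It would also help to extend the existing comment to say that this is an exact-match allow-list of a single OID that bypasses the SYSTEM/administrator check, so later additions to it are made deliberately.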
@@ -494,6 +520,6 @@ _PUBLIC_ const struct ldb_module_ops ldb_kludge_acl_module_ops = {
.modify = kludge_acl_change,
.del = kludge_acl_change,
.rename = kludge_acl_change,
- .extended = kludge_acl_change,
+ .extended = kludge_acl_extended,
.init_context = kludge_acl_init
};