authorStefan Metzmacher <metze@samba.org>2012-11-24 10:06:13 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:21 +0100
commit5838637b4218ecf88e7a650610da3be1a5a518c9 (patch)
treeb2b9846bb236e9ad6f37e72ee36edc5df1242e20
parent60c29a51a062640bf23c85d0d2f650d35a9ab59c (diff)
s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 4a288f152f..9bf261225e 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -1230,6 +1230,18 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
}
talloc_free(nc_root);
+ if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID)) {
+ ret = dsdb_module_check_access_on_dn(module, req,
+ req->op.del.dn,
+ SEC_ADS_DELETE_TREE, NULL,
+ req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ return ldb_next_request(module, req);
+ }
+
/* First check if we have delete object right */
ret = dsdb_module_check_access_on_dn(module, req, req->op.del.dn,
SEC_STD_DELETE, NULL, req);
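Review bot: The early `return ldb_next_request(module, req);` in the new TREE_DELETE branch means a request carrying the control is authorised by the single SEC_ADS_DELETE_TREE check on `req->op.del.dn` and never reaches the SEC_STD_DELETE check that follows. That is presumably the intended rule, but nothing in the code says so. Because one ACL check here decides access for a whole subtree, I would put a comment above the `if`, e.g. `/* With the tree delete control, SEC_ADS_DELETE_TREE on the target is the only right required; the per-object delete checks below are skipped on purpose. */`. The comment should also say whether descendants are expected to be access-checked individually further down the module stack, since this hunk does not show that. acl_delete begins and continues outside the hunk.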