diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-24 10:06:13 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:21 +0100 |
commit | 5838637b4218ecf88e7a650610da3be1a5a518c9 (patch) | |
tree | b2b9846bb236e9ad6f37e72ee36edc5df1242e20 | |
parent | 60c29a51a062640bf23c85d0d2f650d35a9ab59c (diff) | |
download | samba-5838637b4218ecf88e7a650610da3be1a5a518c9.tar.gz samba-5838637b4218ecf88e7a650610da3be1a5a518c9.tar.bz2 samba-5838637b4218ecf88e7a650610da3be1a5a518c9.zip |
s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 4a288f152f..9bf261225e 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -1230,6 +1230,18 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) } talloc_free(nc_root); + if (ldb_request_get_control(req, LDB_CONTROL_TREE_DELETE_OID)) { + ret = dsdb_module_check_access_on_dn(module, req, + req->op.del.dn, + SEC_ADS_DELETE_TREE, NULL, + req); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_next_request(module, req); + } + /* First check if we have delete object right */ ret = dsdb_module_check_access_on_dn(module, req, req->op.del.dn, SEC_STD_DELETE, NULL, req); |