authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 17:02:45 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 21:30:28 +0200
commitf824e459f0c7971e86ff214bdfe84ce93dba14aa (patch)
tree997839e3c6b8d08802a1664cbcde86be02fdc978 /source4/dsdb/samdb/ldb_modules
parent149f4251c5ae38d598a14aa899f5b418acf1c962 (diff)
s4:acl LDB module - remove the "forest DN" check
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs, and there it is the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains, then they never contain data of the forest domain besides the schema and the configuration partition (which are checked anyway), since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 77503a664e..1b85c5ded9 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -623,8 +623,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
/* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.add.message->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.add.message->dn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.add.message->dn, (ldb_get_default_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.add.message->dn, (ldb_get_root_basedn(ldb))) == 0)) {
+ (ldb_dn_compare(req->op.add.message->dn, (ldb_get_default_basedn(ldb))) == 0)) {
return ldb_next_request(module, req);
}
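Review bot: The comment above this condition in acl_add still reads only `/* FIXME: this has to be made dynamic at some point */` and does not record the assumption that makes dropping the root-DN comparison safe. This branch forwards the add with `ldb_next_request` and no access check is visible before it in the hunk, so the exact set of DNs that match is security-relevant. I would extend the comment, e.g. `/* NC heads checked: schema, config, default base DN; the forest root DN is either equal to the default base DN or not hosted on this DC */`, and do the same in the acl_delete and acl_rename hunks. The function body starts and continues outside the hunk.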
@@ -1025,8 +1024,7 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
/* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.del.dn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.del.dn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.del.dn, (ldb_get_default_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.del.dn, (ldb_get_root_basedn(ldb))) == 0)) {
+ (ldb_dn_compare(req->op.del.dn, (ldb_get_default_basedn(ldb))) == 0)) {
DEBUG(10,("acl:deleting an NC\n"));
return ldb_module_done(req, NULL, NULL, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS);
}
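Review bot: The refusal in acl_delete is logged only by `DEBUG(10,("acl:deleting an NC\n"));`, which does not name the DN and sits at a level that normal deployments are unlikely to record. A refused attempt to delete a naming-context head is something an operator would want to see, so I would log the target at a lower level, e.g. `DEBUG(2,("acl: refused delete of NC head %s\n", ldb_dn_get_linearized(req->op.del.dn)));`. The same applies to `DEBUG(10,("acl:moving as an NC\n"));` in the acl_rename hunk. With the root-DN comparison gone, a delete at any other DN falls through to code outside this hunk, so this message is the only trace of the hard refusal.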
@@ -1153,8 +1151,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
/* FIXME: this has to be made dynamic at some point */
if ((ldb_dn_compare(req->op.rename.newdn, (ldb_get_schema_basedn(ldb))) == 0) ||
(ldb_dn_compare(req->op.rename.newdn, (ldb_get_config_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.rename.newdn, (ldb_get_default_basedn(ldb))) == 0) ||
- (ldb_dn_compare(req->op.rename.newdn, (ldb_get_root_basedn(ldb))) == 0)) {
+ (ldb_dn_compare(req->op.rename.newdn, (ldb_get_default_basedn(ldb))) == 0)) {
DEBUG(10,("acl:moving as an NC\n"));
return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
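Review bot: The guard in acl_rename compares only `req->op.rename.newdn` with the three base DNs, so the visible lines refuse a rename onto an NC head but not a rename of an NC head away from its DN. The rest of acl_rename is outside the hunk and may already cover this; if it does not, the same three comparisons should also be made against `req->op.rename.olddn`. Separately, this path ends with `return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;` while the matching path in acl_delete uses `ldb_module_done(req, NULL, NULL, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS)`; using one form for both would make the two refusals easier to audit.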