summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-12-30 18:47:51 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-02 08:16:56 +1100
commit23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1 (patch)
treec89d00fd4291697cc806af2e23e6fdc542a3656a /source4/dsdb/samdb
parent1c5a268f34af7fdb4fcbd7f94898a1e76aa142b7 (diff)
downloadsamba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.tar.gz
samba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.tar.bz2
samba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.zip
s4-dsdb: allow system to remove deleted objects
This will be used by a periodic job to remove tombstoned objects
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index f12b62c14b..ab412942e9 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -47,6 +47,7 @@
#include "lib/util/dlinklist.h"
#include "dsdb/samdb/ldb_modules/util.h"
#include "lib/util/binsearch.h"
+#include "libcli/security/security.h"
#define W2K3_LINKED_ATTRIBUTES 1
@@ -2208,6 +2209,10 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
uint32_t el_count = 0;
int i;
+ if (ldb_dn_is_special(req->op.del.dn)) {
+ return ldb_next_request(module, req);
+ }
+
tmp_ctx = talloc_new(ldb);
old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn);
@@ -2224,6 +2229,20 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
}
old_msg = res->msgs[0];
+ if (ldb_msg_check_string_attribute(old_msg, "isDeleted", "TRUE")) {
+ struct auth_session_info *session_info =
+ (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
+ ldb_dn_get_linearized(old_msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* it is already deleted - really remove it this time */
+ talloc_free(tmp_ctx);
+ return ldb_next_request(module, req);
+ }
+
/* work out where we will be renaming this object to */
ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn, &new_dn);
if (ret != LDB_SUCCESS) {