diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-12-30 18:47:51 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-01-02 08:16:56 +1100 |
commit | 23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1 (patch) | |
tree | c89d00fd4291697cc806af2e23e6fdc542a3656a /source4/dsdb/samdb | |
parent | 1c5a268f34af7fdb4fcbd7f94898a1e76aa142b7 (diff) | |
download | samba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.tar.gz samba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.tar.bz2 samba-23eb9f49a75f599a78d2f70fb4b864f1e0c6e0a1.zip |
s4-dsdb: allow system to remove deleted objects
This will be used by a periodic job to remove tombstoned objects
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index f12b62c14b..ab412942e9 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -47,6 +47,7 @@ #include "lib/util/dlinklist.h" #include "dsdb/samdb/ldb_modules/util.h" #include "lib/util/binsearch.h" +#include "libcli/security/security.h" #define W2K3_LINKED_ATTRIBUTES 1 @@ -2208,6 +2209,10 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req) uint32_t el_count = 0; int i; + if (ldb_dn_is_special(req->op.del.dn)) { + return ldb_next_request(module, req); + } + tmp_ctx = talloc_new(ldb); old_dn = ldb_dn_copy(tmp_ctx, req->op.del.dn); @@ -2224,6 +2229,20 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req) } old_msg = res->msgs[0]; + if (ldb_msg_check_string_attribute(old_msg, "isDeleted", "TRUE")) { + struct auth_session_info *session_info = + (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); + if (security_session_user_level(session_info) != SECURITY_SYSTEM) { + ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s", + ldb_dn_get_linearized(old_msg->dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + + /* it is already deleted - really remove it this time */ + talloc_free(tmp_ctx); + return ldb_next_request(module, req); + } + /* work out where we will be renaming this object to */ ret = dsdb_get_deleted_objects_dn(ldb, tmp_ctx, old_dn, &new_dn); if (ret != LDB_SUCCESS) { |