From 0ebb93708eb377e29eaaf4400c65399d18c229b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Jan 2013 16:22:09 +0100 Subject: dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/acl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 41c257b999..75b871f0d2 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -1267,7 +1267,9 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req) /* Nope, we don't have delete object. Lets check if we have delete * child on the parent */ ret = dsdb_module_check_access_on_dn(module, req, parent, - SEC_ADS_DELETE_CHILD, NULL, req); + SEC_ADS_DELETE_CHILD, + &objectclass->schemaIDGUID, + req); if (ret != LDB_SUCCESS) { return ret; } @@ -1462,7 +1464,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } /* what about delete child on the current parent */ - ret = dsdb_module_check_access_on_dn(module, req, oldparent, SEC_ADS_DELETE_CHILD, NULL, req); + ret = dsdb_module_check_access_on_dn(module, req, oldparent, + SEC_ADS_DELETE_CHILD, + &objectclass->schemaIDGUID, + req); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ldb_module_get_ctx(module), "acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn)); -- cgit
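Review bot: `&objectclass->schemaIDGUID` in the acl_delete hunk, and again in the acl_rename hunk, assumes `objectclass` is non-NULL, but neither hunk shows where it is assigned or checked (both functions start and end outside the hunks). If the class lookup can fail, for example on an entry whose objectClass is missing or not in the schema, the access check would be handed an address derived from NULL instead of being refused cleanly. Please confirm a guard precedes both calls and fails closed, along the lines of `if (objectclass == NULL) { return ldb_operr(ldb_module_get_ctx(module)); }`. The diffstat lists only acl.c, so a regression test with a class-specific delete-child ACE on the parent would help pin the new behaviour.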
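Review bot: In the acl_rename hunk the comment `/* what about delete child on the current parent */` no longer describes what is checked, since the right is now evaluated against the class GUID of the object being moved. I would reword it to something like `/* DELETE_CHILD on the current parent, scoped to the objectclass of the entry being moved */` so the next reader does not put the `NULL` back. The matching create-child check on the new parent is outside this hunk; it is worth confirming it passes the same GUID so both halves of a move are authorised against the same object type.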