summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-10 10:39:52 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-10 16:22:05 +0200
commit0a41b7e95b394e410cc0d8d02e9ff5ea1f64cd9c (patch)
treea839de6cc87c1fb06b3d5040766f71911ad3adb6
parentf66cc827096c53d4d16b8c850c83a3b5664e9725 (diff)
downloadsamba-0a41b7e95b394e410cc0d8d02e9ff5ea1f64cd9c.tar.gz
samba-0a41b7e95b394e410cc0d8d02e9ff5ea1f64cd9c.tar.bz2
samba-0a41b7e95b394e410cc0d8d02e9ff5ea1f64cd9c.zip
s4:instancetype LDB module - prevent all types of "instanceType" manipulation
Also on Windows Server you aren't able to change it.
-rw-r--r--source4/dsdb/samdb/ldb_modules/instancetype.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 7828ce1d26..4ed906f362 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -158,7 +158,23 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, down_req);
}
+/* deny instancetype modification */
+static int instancetype_mod(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct ldb_message_element *el;
+
+ el = ldb_msg_find_element(req->op.mod.message, "instanceType");
+ if (el != NULL) {
+ ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute can never be changed!");
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ return ldb_next_request(module, req);
+}
+
_PUBLIC_ const struct ldb_module_ops ldb_instancetype_module_ops = {
.name = "instancetype",
.add = instancetype_add,
+ .modify = instancetype_mod
};