summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-11-23 09:55:17 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:20 +0100
commit5aa7dbe546ff18e521e72c0af713a2509201e00d (patch)
treee8f6d794d326ab95916ef469044adc5430017dcc
parent4ef36fda681409bf7050adb98bb4b3d574bc01a9 (diff)
downloadsamba-5aa7dbe546ff18e521e72c0af713a2509201e00d.tar.gz
samba-5aa7dbe546ff18e521e72c0af713a2509201e00d.tar.bz2
samba-5aa7dbe546ff18e521e72c0af713a2509201e00d.zip
s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index b41c0aafba..4b4704b664 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -642,6 +642,17 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_next_request(module, req);
}
+ /*
+ * nTSecurityDescriptor with DELETE is not supported yet.
+ * TODO: handle this correctly.
+ */
+ if (LDB_FLAG_MOD_TYPE(sd_element->flags) == LDB_FLAG_MOD_DELETE) {
+ return ldb_module_error(module,
+ LDB_ERR_UNWILLING_TO_PERFORM,
+ "MOD_DELETE for nTSecurityDescriptor "
+ "not supported yet");
+ }
+
user_sd = ldb_msg_find_ldb_val(req->op.mod.message, "nTSecurityDescriptor");
/* nTSecurityDescriptor without a value is an error, letting through so it is handled */
if (user_sd == NULL) {