author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-19 15:14:53 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-25 13:03:17 +0200 |
commit | fedd4aa3cb7a0d4b895ec040d74cfbfbee42cac5 (patch) | |
tree | 0077a4aa138087c4d1994347140d91da70dc95be | |
parent | 6e407a3c1c7166801bcec364186c487c27b18550 (diff) | |
s4:objectclass_attrs LDB module - deny multi-valued replace requests
This is the AD behaviour. But on attributes with the flag
"FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" it is allowed.
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
index 2024a33d55..b3f7048a39 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
@@ -139,6 +139,19 @@ static int attr_handler(struct oc_context *ac)
 }
 }
 
+ /* Multi-valued replace operations are generally denied but
+ * there do exist exceptions where attributes have the flag
+ * "FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" set. */
+ if ((ac->req->operation == LDB_MODIFY) &&
+ (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) == LDB_FLAG_MOD_REPLACE) &&
+ (msg->elements[i].num_values > 1) &&
+ ((attr->systemFlags & DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER) == 0)) {
+ ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' is replaced multi-valued!",
+ msg->elements[i].name,
+ ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS;
+ }
+
 /* Substitute the attribute name to match in case */
 msg->elements[i].name = attr->lDAPDisplayName;
 } |
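Review bot: The new guard in attr_handler rejects every LDB_MODIFY replace that carries more than one value, with `DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER` as the only exemption, and nothing visible in the hunk distinguishes client requests from internally generated ones. If replicated or other trusted internal modifies also pass through this loop (the function body starts and ends outside the hunk, so this is not confirmed here), they would now fail with LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, which is worth checking before the rule is relied on. The commit touches only this file, so a test that pins both the rejection and the flagged-attribute exemption would keep the behaviour from regressing silently. The comment should also spell the constant as the code does, e.g. `/* AD denies replace operations carrying more than one value, except on attributes with DS_FLAG_ATTR_REQ_PARTIAL_SET_MEMBER set. */`.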