diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2009-09-23 21:12:00 -0700 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-10-02 19:17:24 +0200 |
| commit | 26516032694f88ecf28705fb93dadfeadab96691 (patch) | |
| tree | cca3e9f54d2157c7d26a93a8636da653e1739bd7 | |
| parent | d2ac4cbceeab35b95dd892390b46adbf6bc65815 (diff) | |
| download | samba-26516032694f88ecf28705fb93dadfeadab96691.tar.gz samba-26516032694f88ecf28705fb93dadfeadab96691.tar.bz2 samba-26516032694f88ecf28705fb93dadfeadab96691.zip | |
s4:ldb Don't allow RDN to be modified with an LDB modify message
Found by the Microsoft testsuite at the AD interop event.
Andrew Bartlett
| -rw-r--r-- | source4/lib/ldb/modules/rdn_name.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index 07abb53ca4..5269a6a64f 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Andrew Bartlett 2005 + Copyright (C) Andrew Bartlett 2005-2009 Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb @@ -329,8 +329,37 @@ static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, down_req); } +static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_context *ldb; + + ldb = ldb_module_get_ctx(module); + ldb_debug(ldb, LDB_DEBUG_TRACE, "rdn_name_rename"); + + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + if (ldb_msg_find_element(req->op.mod.message, "name")) { + ldb_asprintf_errstring(ldb, "Modify of 'name' on %s not permitted, must use 'rename' operation instead", + ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_NOT_ALLOWED_ON_RDN; + } + + if (ldb_msg_find_element(req->op.mod.message, ldb_dn_get_rdn_name(req->op.mod.message->dn))) { + ldb_asprintf_errstring(ldb, "Modify of RDN '%s' on %s not permitted, must use 'rename' operation instead", + ldb_dn_get_rdn_name(req->op.mod.message->dn), ldb_dn_get_linearized(req->op.mod.message->dn)); + return LDB_ERR_NOT_ALLOWED_ON_RDN; + } + + /* All OK, they kept their fingers out of the special attributes */ + return ldb_next_request(module, req); +} + const struct ldb_module_ops ldb_rdn_name_module_ops = { .name = "rdn_name", .add = rdn_name_add, + .modify = rdn_name_modify, .rename = rdn_name_rename, }; |