summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-11-11 16:43:18 +0100
committerStefan Metzmacher <metze@samba.org>2011-11-15 09:46:29 +0100
commitbe091eddec3715c5807f03fdc3d83ffc5a857433 (patch)
treef9b021a52a0b31b73f0001cd3c279f037d89a0e8
parent38868c8b7f9c099158c62f8c653e10d5ca1c91ac (diff)
downloadsamba-be091eddec3715c5807f03fdc3d83ffc5a857433.tar.gz
samba-be091eddec3715c5807f03fdc3d83ffc5a857433.tar.bz2
samba-be091eddec3715c5807f03fdc3d83ffc5a857433.zip
s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, msDS-IntId
As windows we return CONSTRAINT_VIOLATION now. metze
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index 3d50d99ac2..acf8186fb1 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -275,6 +275,34 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req
cmp = ldb_dn_compare(req->op.mod.message->dn, schema->base_dn);
if (cmp == 0) {
+ static const char * const constrained_attrs[] = {
+ "schemaInfo",
+ "prefixMap",
+ "msDs-Schema-Extensions",
+ "msDS-IntId",
+ NULL
+ };
+ size_t i;
+ struct ldb_message_element *el;
+
+ if (ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID)) {
+ return ldb_next_request(module, req);
+ }
+
+ for (i=0; constrained_attrs[i]; i++) {
+ el = ldb_msg_find_element(req->op.mod.message,
+ constrained_attrs[i]);
+ if (el == NULL) {
+ continue;
+ }
+
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_modify: reject update "
+ "of attribute[%s]\n",
+ constrained_attrs[i]);
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
return ldb_next_request(module, req);
}