diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-11-11 16:43:18 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-11-15 09:46:29 +0100 |
commit | be091eddec3715c5807f03fdc3d83ffc5a857433 (patch) | |
tree | f9b021a52a0b31b73f0001cd3c279f037d89a0e8 | |
parent | 38868c8b7f9c099158c62f8c653e10d5ca1c91ac (diff) | |
download | samba-be091eddec3715c5807f03fdc3d83ffc5a857433.tar.gz samba-be091eddec3715c5807f03fdc3d83ffc5a857433.tar.bz2 samba-be091eddec3715c5807f03fdc3d83ffc5a857433.zip |
s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, msDS-IntId
As windows we return CONSTRAINT_VIOLATION now.
metze
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_data.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c index 3d50d99ac2..acf8186fb1 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_data.c +++ b/source4/dsdb/samdb/ldb_modules/schema_data.c @@ -275,6 +275,34 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req cmp = ldb_dn_compare(req->op.mod.message->dn, schema->base_dn); if (cmp == 0) { + static const char * const constrained_attrs[] = { + "schemaInfo", + "prefixMap", + "msDs-Schema-Extensions", + "msDS-IntId", + NULL + }; + size_t i; + struct ldb_message_element *el; + + if (ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID)) { + return ldb_next_request(module, req); + } + + for (i=0; constrained_attrs[i]; i++) { + el = ldb_msg_find_element(req->op.mod.message, + constrained_attrs[i]); + if (el == NULL) { + continue; + } + + ldb_debug_set(ldb, LDB_DEBUG_ERROR, + "schema_data_modify: reject update " + "of attribute[%s]\n", + constrained_attrs[i]); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + return ldb_next_request(module, req); } |