summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-10-15 15:54:20 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-15 15:54:20 +1100
commitfdeeafb481778ee9ef7e87f8afa046d5f311a769 (patch)
tree8c0510545101bbcc95d4b62dd6b02f4e454e4fc1
parent144686a838ca33ce5ccfed0f559e3165563946cc (diff)
downloadsamba-fdeeafb481778ee9ef7e87f8afa046d5f311a769.tar.gz
samba-fdeeafb481778ee9ef7e87f8afa046d5f311a769.tar.bz2
samba-fdeeafb481778ee9ef7e87f8afa046d5f311a769.zip
s4-dsdb: implement limit on rDN length
w2k8 imposes a limit of 64 characters on the rDN
-rw-r--r--source4/dsdb/samdb/ldb_modules/objectclass.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index b5e058df0b..003d6731d4 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -330,6 +330,8 @@ static int fix_dn(TALLOC_CTX *mem_ctx,
struct ldb_dn **fixed_dn)
{
char *upper_rdn_attr;
+ const struct ldb_val *rdn_val;
+
/* Fix up the DN to be in the standard form, taking particular care to match the parent DN */
*fixed_dn = ldb_dn_copy(mem_ctx, parent_dn);
@@ -339,15 +341,21 @@ static int fix_dn(TALLOC_CTX *mem_ctx,
if (!upper_rdn_attr) {
return LDB_ERR_OPERATIONS_ERROR;
}
-
+
/* Create a new child */
if (ldb_dn_add_child_fmt(*fixed_dn, "X=X") == false) {
return LDB_ERR_OPERATIONS_ERROR;
}
+ /* AD doesn't allow the rDN to be longer than 64 characters */
+ rdn_val = ldb_dn_get_rdn_val(newdn);
+ if (!rdn_val || rdn_val->length > 64) {
+ DEBUG(2,(__location__ ": rDN longer than 64 limit for '%s'\n", ldb_dn_get_linearized(newdn)));
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
/* And replace it with CN=foo (we need the attribute in upper case */
- return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr,
- *ldb_dn_get_rdn_val(newdn));
+ return ldb_dn_set_component(*fixed_dn, 0, upper_rdn_attr, *rdn_val);
}
/* Fix all attribute names to be in the correct case, and check they are all valid per the schema */