author | Andrew Tridgell <tridge@samba.org> | 2011-06-22 17:05:08 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-06-22 11:16:26 +0200 |
commit | d9ee7aebcb26c6115e0caeacb90f3f916a5af600 (patch) | |
tree | 28a8e6a32e0fc1443e1a00ca53638c901d4d2a2d | |
parent | 21af0af4e4a498bc676125507fdb96fa5b0e5cd5 (diff) | |
s4-dsdb: catch duplicate matches in extended_dn_in
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
index 3e2004d6f3..e2bb0de054 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c
@@ -103,6 +103,18 @@ static int extended_base_callback(struct ldb_request *req, struct ldb_reply *are
 switch (ares->type) {
 case LDB_REPLY_ENTRY:
+ if (ac->basedn) {
+ /* we have more than one match! This can
+ happen as S-1-5-17 appears twice in a
+ normal provision. We need to return
+ NO_SUCH_OBJECT */
+ const char *str = talloc_asprintf(req, "Duplicate base-DN matches found for '%s'",
+ ldb_dn_get_extended_linearized(req, ac->req->op.search.base, 1));
+ ldb_set_errstring(ldb_module_get_ctx(ac->module), str);
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_NO_SUCH_OBJECT);
+ }
+
 if (!ac->wellknown_object) {
 ac->basedn = talloc_steal(ac, ares->message->dn);
 break; |
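Review bot: Neither allocation in the new `if (ac->basedn)` branch is checked. The result of `ldb_dn_get_extended_linearized()` goes straight into a `%s` conversion, and `str` is handed to `ldb_set_errstring()` even if `talloc_asprintf()` returned NULL. A NULL argument to `%s` is not something to rely on under memory pressure, and the search base being formatted is supplied by the client. I would take the linearized DN into a local first and let ldb build the message, `ldb_asprintf_errstring(ldb_module_get_ctx(ac->module), "Duplicate base-DN matches found for '%s'", dn_str ? dn_str : "(null)");`, which also drops the intermediate string parented on `req`. The guard only detects a duplicate if the first entry set `ac->basedn`; the `wellknown_object` path of `extended_base_callback` continues outside the hunk, so it is worth confirming it sets `basedn` too before the next entry arrives.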