author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-15 22:30:16 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-15 22:31:04 +0000 |
commit | 061766e732490b81df3e9ce5968b281efd8c3c0d (patch) | |
tree | 9a5600e0a2f6659612e8b807c1b9cdfa84c83bfd | |
parent | 6ff009cacca7f62fc1b67270fb2bee4f20906c70 (diff) | |
s4:objectclass LDB module - improve the default name context checking on modifications
Pointed out by abartlet
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/objectclass.c | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 5e3226a037..19feaa5c15 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -844,23 +844,19 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
 * only on application NCs - not on the standard DCs */
 if (oc_changes && (dsdb_forest_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003)) {
- int cnt = samdb_search_count(ldb, ac,
- ldb_get_default_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
- if (cnt == 0) {
- cnt = samdb_search_count(ldb, ac,
- ldb_get_config_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
- }
- if (cnt == 0) {
- cnt = samdb_search_count(ldb, ac,
- ldb_get_schema_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
+ struct ldb_dn *nc_root;
+
+ ret = dsdb_find_nc_root(ldb, ac, req->op.mod.message->dn,
+ &nc_root);
+ if (ret != LDB_SUCCESS) {
+ return ret;
 }
- if (cnt != 0) {
+
+ if ((ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) ||
+ (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) ||
+ (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0)) {
+ ldb_set_errstring(ldb,
+ "objectclass: object class changes on objects under the standard name contexts not allowed!");
 return LDB_ERR_UNWILLING_TO_PERFORM;
 }
 } |
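Review bot: The early `return ret;` after a failed `dsdb_find_nc_root()` leaves no error string, while the rejection branch just below it sets one, so a refused modify cannot be told apart from an internal lookup failure in logs or client errors. Refusing the change when the NC root cannot be resolved keeps this policy check fail-closed, which is worth stating in a comment; unless `dsdb_find_nc_root()` already sets a message (not visible here), add `ldb_asprintf_errstring(ldb, "objectclass: unable to find NC root for %s", ldb_dn_get_linearized(req->op.mod.message->dn));` before the return. The context comment says "standard DCs" where the code compares against the default, config and schema naming contexts. `objectclass_modify` begins and ends outside this hunk, so the declaration of `ret` is not visible.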