authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-15 22:30:16 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-15 22:31:04 +0000
commit061766e732490b81df3e9ce5968b281efd8c3c0d (patch)
tree9a5600e0a2f6659612e8b807c1b9cdfa84c83bfd
parent6ff009cacca7f62fc1b67270fb2bee4f20906c70 (diff)
s4:objectclass LDB module - improve the default name context checking on modifications
Pointed out by abartlet
-rw-r--r--source4/dsdb/samdb/ldb_modules/objectclass.c28
1 files changed, 12 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 5e3226a037..19feaa5c15 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -844,23 +844,19 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
* only on application NCs - not on the standard DCs */
if (oc_changes &&
(dsdb_forest_functional_level(ldb) < DS_DOMAIN_FUNCTION_2003)) {
- int cnt = samdb_search_count(ldb, ac,
- ldb_get_default_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
- if (cnt == 0) {
- cnt = samdb_search_count(ldb, ac,
- ldb_get_config_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
- }
- if (cnt == 0) {
- cnt = samdb_search_count(ldb, ac,
- ldb_get_schema_basedn(ldb),
- "(distinguishedName=%s)",
- ldb_dn_get_linearized(req->op.mod.message->dn));
+ struct ldb_dn *nc_root;
+
+ ret = dsdb_find_nc_root(ldb, ac, req->op.mod.message->dn,
+ &nc_root);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
- if (cnt != 0) {
+
+ if ((ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) ||
+ (ldb_dn_compare(nc_root, ldb_get_config_basedn(ldb)) == 0) ||
+ (ldb_dn_compare(nc_root, ldb_get_schema_basedn(ldb)) == 0)) {
+ ldb_set_errstring(ldb,
+ "objectclass: object class changes on objects under the standard name contexts not allowed!");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
}
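Review bot: The new gate `if ((ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) == 0) || ...` is a deny-list of three naming contexts, so any NC root that `dsdb_find_nc_root` returns other than default, config or schema is treated as an application NC and the objectClass change goes through. Whether this server can hold another non-application partition is not visible in the hunk, so the assumption deserves a comment above the comparison, for example `/* every NC root other than default, config and schema is assumed to be an application NC */`. The failure path `return ret;` is fail-closed, which is right for a policy check, but unlike the refusal branch it sets no error string. Unless `dsdb_find_nc_root` already sets one, add `ldb_asprintf_errstring(ldb, "objectclass: unable to find NC root for %s", ldb_dn_get_linearized(req->op.mod.message->dn));` before it. `objectclass_modify` begins and ends outside this hunk.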