authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 17:34:43 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-01 21:30:29 +0200
commitc38219adfc12828d436bd46b17107feba619aa55 (patch)
tree9464b1ebe7b94e582b0967af55c7789d269746d6
parentba4578f98b411f175803160a9a1f81c1c3786f1f (diff)
s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2
We have to test for the WRITE flag if we are performing an NC add. If it isn't an NC add, then only the WRITE flag or no flag at all is allowed.
-rw-r--r--source4/dsdb/samdb/ldb_modules/instancetype.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index 7360c7c993..0a11bccbca 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -86,7 +86,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
struct ldb_message *msg;
struct ldb_message_element *el;
struct it_context *ac;
- uint32_t instance_type;
+ uint32_t instanceType;
int ret;
ldb = ldb_module_get_ctx(module);
@@ -100,8 +100,6 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
el = ldb_msg_find_element(req->op.add.message, "instanceType");
if (el != NULL) {
- unsigned int instanceType;
-
if (el->num_values != 1) {
ldb_set_errstring(ldb, "instancetype: the 'instanceType' attribute is single-valued!");
return LDB_ERR_UNWILLING_TO_PERFORM;
@@ -110,9 +108,25 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
instanceType = ldb_msg_find_attr_as_uint(req->op.add.message,
"instanceType", 0);
if (!(instanceType & INSTANCE_TYPE_IS_NC_HEAD)) {
+ /* if we have no NC add operation (no TYPE_IS_NC_HEAD)
+ * then "instanceType" can only be "0" or "TYPE_WRITE".
+ */
+ if ((instanceType != 0) &&
+ ((instanceType & INSTANCE_TYPE_WRITE) == 0)) {
+ ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD wasn't set, then only TYPE_WRITE or 0 are allowed!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
return ldb_next_request(module, req);
}
+ /* if we have a NC add operation then we need also the
+ * "TYPE_WRITE" flag in order to succeed. */
+ if (!(instanceType & INSTANCE_TYPE_WRITE)) {
+ ldb_set_errstring(ldb, "instancetype: if TYPE_IS_NC_HEAD was set, then also TYPE_WRITE is requested!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
/* Forward the 'add' to the modules below, but if it
* succeeds, then we might need to add the boilerplate
* entries (lost+found, deleted objects) */
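Review bot: The non-NC check `if ((instanceType != 0) && ((instanceType & INSTANCE_TYPE_WRITE) == 0))` is looser than the comment and error string around it, because any client-supplied value that carries the WRITE bit together with other bits still reaches `ldb_next_request`. If only 0 or TYPE_WRITE are meant to be accepted here, compare the whole value instead: `if ((instanceType != 0) && (instanceType != INSTANCE_TYPE_WRITE)) {`. The NC-head branch likewise tests only for the presence of the WRITE bit, which may be intended, but a one-line comment stating which additional bits are acceptable there would make the validation auditable. instancetype_add starts and ends outside this hunk, so how the remaining bits are handled further down is not visible here.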
@@ -146,11 +160,11 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
/*
* TODO: calculate correct instance type
*/
- instance_type = INSTANCE_TYPE_WRITE;
+ instanceType = INSTANCE_TYPE_WRITE;
- ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type);
+ ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instanceType);
if (ret != LDB_SUCCESS) {
- return ldb_oom(ldb);
+ return ret;
}
ret = ldb_build_add_req(&down_req, ldb, req,