summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-09-23 16:15:24 +1000
committerAndrew Tridgell <tridge@samba.org>2011-10-04 15:08:55 +1100
commit0d2d6c94d2da09b01d91c31cbf099248fac90802 (patch)
tree9a28b75782fca52e6eac6e2bac40cf16822e8a2b
parent1df100393b6788e7f94876b957f6110bd91f958e (diff)
downloadsamba-0d2d6c94d2da09b01d91c31cbf099248fac90802.tar.gz
samba-0d2d6c94d2da09b01d91c31cbf099248fac90802.tar.bz2
samba-0d2d6c94d2da09b01d91c31cbf099248fac90802.zip
s4-ldap-server: disallow all modifies on global catalog port
-rw-r--r--source4/ldap_server/ldap_backend.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 94f9ad3ace..57f81eaaaf 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -305,6 +305,11 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call,
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
@@ -358,6 +363,11 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call,
return ret;
}
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
@@ -404,6 +414,11 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call,
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;
@@ -451,6 +466,11 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call,
if (ret != LDB_SUCCESS) return ret;
+ if (call->conn->global_catalog) {
+ return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, "modify forbidden on global catalog port");
+ }
+ ldb_request_add_control(req, DSDB_CONTROL_NO_GLOBAL_CATALOG, false, NULL);
+
ret = ldb_transaction_start(ldb);
if (ret != LDB_SUCCESS) {
return ret;