summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-31 22:31:53 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-11-01 12:34:21 +0100
commit7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17 (patch)
treefa30037198cbf4278c8b75ec1cefa1e5ce3f7cd5
parent7578e04fb8022ba13fa07fb88eb3d00474337ea1 (diff)
downloadsamba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.tar.gz
samba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.tar.bz2
samba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.zip
s4:samldb LDB module - deny "objectSid" modifications
The same as with Windows
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 2b3129cd99..89fa6b23e1 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1768,6 +1768,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
ldb = ldb_module_get_ctx(module);
+ /* make sure that "objectSid" is not specified */
+ el = ldb_msg_find_element(req->op.mod.message, "objectSid");
+ if (el != NULL) {
+ ldb_set_errstring(ldb,
+ "samldb: objectSid must not be specified!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
/* make sure that "sAMAccountType" is not specified */
el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType");
if (el != NULL) {