diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-31 22:31:53 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-11-01 12:34:21 +0100 |
commit | 7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17 (patch) | |
tree | fa30037198cbf4278c8b75ec1cefa1e5ce3f7cd5 | |
parent | 7578e04fb8022ba13fa07fb88eb3d00474337ea1 (diff) | |
download | samba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.tar.gz samba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.tar.bz2 samba-7ca6b3ee6d6fbb602ad4e43326c67784efbe0a17.zip |
s4:samldb LDB module - deny "objectSid" modifications
The same as with Windows
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 2b3129cd99..89fa6b23e1 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1768,6 +1768,13 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) ldb = ldb_module_get_ctx(module); + /* make sure that "objectSid" is not specified */ + el = ldb_msg_find_element(req->op.mod.message, "objectSid"); + if (el != NULL) { + ldb_set_errstring(ldb, + "samldb: objectSid must not be specified!"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } /* make sure that "sAMAccountType" is not specified */ el = ldb_msg_find_element(req->op.mod.message, "sAMAccountType"); if (el != NULL) { |